dzenc@gnu.ai.mit.edu (Dan Zenchelsky) (07/26/90)
In article <DJM.90Jul25190101@frob.eng.umd.edu> djm@eng.umd.edu (David J. MacKenzie) writes: > >So I login to a host and run this like so: >exec "login -r localhost" >and stick this on logins stdin: "root\0root\0sun/9600" > >And I get a root shell. They took this auth code out of login in 4.3T >and make rlogind do it. Except that all of the logins I've seen make sure getuid()==0 before allowing this to happen. So, the only way to do this is to already be root. >-- >David J. MacKenzie <djm@eng.umd.edu> <djm@ai.mit.edu> -Dan -- ___________________________________________________________________________ | _______ |________________________________________| | || |o| Dan Zenchelsky | | | ||____| | | Any sufficiently advanced bug is | | | ___ | dzenc@gnu.ai.mit.edu | indistinguishable from a feature. | | |_|___|_| |______________-- Rich Kulawiec__________| |__________________________________|________________________________________|