Re: your mail

[vermont () GATE NET (Illuminati Primus)]

The problem is, Good Little Sysadmins(tm) would still be compromised due
the fact that cron jobs are usually stored in /var/spool/cron .  Cowzilla
the bovine would still be able to append to root's crontab and get root.
Now if /var/tmp was on a separate partition along with /tmp (why not just
symlink them together?), then the Good Little Sysadmins(tm) would be
saved.  Even better would be a +securehlink mount option (I think there is
a patch for linux).  This would solve many problems related to hard links
to files owned by other users (gzip, pine, quota rips offs, saving buggy
suid root sendmails, etc).

-Vermont
 vermont () gate net

On Mon, 24 Mar 1997, Jamie Rishaw wrote:

> > Hello fellow mongoloids
> > Try this:
> > Make hard link of /etc/passwd to /var/tmp/dead.letter
> > Telnet to port 25, send mail from some bad email address to some unreacheable hoost.
> > Watch your message get appended to passwd.
> > ie:
> > cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh
>
> This is why Good Little Sysadmins(tm) have /, /var, /tmp, /usr, etc. on
> separate partitions and/or drives.
>
> If /etc and /var/tmp are on different partitions this wont work. Can't
> symlink cross-device far as I know.
>
> > This is not good.  Worked with my 8.8.4, will probably also work with 8.8.5
> > Root for the whole family
> >
> > -Cowzilla the omnipotent b0v1n3
> > PD
> > Greets to various #2600 people
>
>
> --
> jamie g.k. rishaw <jamie () iagnet net> - Internet Access Group [www.iagnet.net]
>   -  Cleveland  -  Akron  -  Pittsburgh  -  Detroit  -  Columbus  -  Toledo  -
> Corp: (800) 637 4IAG / (216) 623 3565. DID: (216) 902 5455. FAX (216) 623 3566.
> Personal: jamie@@arpa.com || jamie@@null.net (Remove second @, nonspammers) =)