On Thu, 18 Apr 2002, John Hunter wrote: > >>>>> "jay" == jay <[EMAIL PROTECTED]> writes: > > jay> i think it's called the "root me" flag. =jay > > Can you explain to me what the danger is? How does read/write access > to /var/spool/mail/root by LAN clients with root permission make it > easier to get root access to other NFS clients or the NFS server?
usually, what you'd do is hop on the lan with a laptop or somesuch, mount the dir, place a suid root shell binary into it, then log into one of the clients or the server, execute the binary and then you're the man. that all depends on having accounts on either the client or server and some other variables, but even if you don't have an account, with some effort i'm sure it wouldn't be that hard to get one. hey man, i'm in hawaii. i'm not supposed to be thinking about stuff like this. back to eating fish and staring at half naked women. =jay _______________________________________________ Bits mailing list [EMAIL PROTECTED] http://www.sugoi.org/mailman/listinfo/bits
