On Thu, Jan 18, 2001 at 11:57:12PM +0100, Konrad Rieck wrote:
> cu is only set setuid for the owner uucp and an attacker won't gain any
> special privileges, but he would gain access to the files in /etc/uucp.

Michael H. Warfield:
> Correction... He does gain special privileges. He gains access
> to all the uucp control files which can contain account names and passwords
> on other systems. It ain't root, but it's more than what he should have.

It is worse than that. Once UUCP privilege is gained you can replace
the UUCP executables. That gives you full control over any user that
happens to execute those UUCP executables - a root-owned cron job,
a sendmail.cf mailer rule that executes as daemon, and so on.

Wietse
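
A defensive audit for the risk discussed in this thread, added here as an example and not part of the original messages: it lists executables that an account other than root could replace, either because that account owns the file or because it controls the containing directory. The function name, the `trusted_uids` parameter and the default of scanning `PATH` are assumptions of this example.

```python
import os
import stat
import sys


def audit_executables(directories, trusted_uids=(0,)):
    """Return (path, reasons) for executables a non-trusted account could replace."""
    findings = []
    for directory in directories:
        try:
            dir_st = os.stat(directory)
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # missing or unreadable directory
        dir_reasons = []
        # The directory owner can unlink and recreate any file inside it.
        if dir_st.st_uid not in trusted_uids:
            dir_reasons.append("directory owned by uid %d" % dir_st.st_uid)
        if dir_st.st_mode & stat.S_IWOTH and not dir_st.st_mode & stat.S_ISVTX:
            dir_reasons.append("directory world-writable without sticky bit")
        for name in names:
            path = os.path.join(directory, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            # Only regular files with at least one execute bit are of interest.
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                continue
            reasons = list(dir_reasons)
            # A file owned by a service account (uucp in this thread) can be
            # rewritten by anyone who gains that account's privileges.
            if st.st_uid not in trusted_uids:
                reasons.append("file owned by uid %d" % st.st_uid)
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                reasons.append("file group- or world-writable")
            if reasons:
                findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    # Directories from the command line, or every PATH entry by default.
    dirs = sys.argv[1:] or os.environ.get("PATH", "").split(os.pathsep)
    for path, reasons in audit_executables([d for d in dirs if d]):
        print("%s: %s" % (path, "; ".join(reasons)))
```

Any hit that is also invoked from a root cron job or a mailer rule is a candidate for changing ownership to root and removing group and world write permission.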