Aucbvax.3099 fa.unix-wizards utzoo!decvax!ucbvax!unix-wizards Fri Sep 11 21:18:08 1981 >From MathStat.jmrubin@Berkeley Fri Sep 11 21:07:57 1981 TO: csvax:unix-wizards Subject: /usr/spool/mail Would you believe, after all this /usr/spool/mail business, I found a a local mail program, setuid root, which was calmly willing to write to any file, or to creat the file if it didn't exist? Made the previous bugs seem positively Byzantine by comparison. If you have that, you might as well give up--/etc/passwd can be written on. Anyone for setuid root programs which fork a shell without resetting the uid? Joel Rubin ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.