Subject: Re: Removing dm(1)
To: Curt Sampson <cjs@portal.ca>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: netbsd-users
Date: 11/18/1997 10:48:25
On Tue, 18 Nov 1997 10:37:26 -0800 (PST)
Curt Sampson <cjs@portal.ca> wrote:
> This was already explained in detail. Set your screen height to 25
> or less, run /usr/games/fish, ask for instructions, and then spawn
> a subshell from the more(1) that displays the instructions. You
> are now the games user, and can replace any game you like with a
> trojan with the same functionality, but that also squirrels away
> a copy of /bin/sh suid to user running it, or does whatever else
> you like as that user running it. Do this with fortune(6), for
> example, and you nail some users (such as me) every time they log in.
Ah, thank you. I was hoping this is what you'd tell me. Basically,
now I can give you an example of significant functionality that
dm(8) provides...
Curt: I suggest you edit /etc/dm.conf to disallow games that spawn pagers
until this issue is dealt with. :-)
Jason R. Thorpe thorpej@nas.nasa.gov
NASA Ames Research Center Home: +1 408 866 1912
NAS: M/S 258-6 Work: +1 650 604 0935
Moffett Field, CA 94035 Pager: +1 415 428 6939