netbsd-bugs: Re: rdist(1) security bugs

Subject: Re: rdist(1) security bugs
To: Frank van der Linden <vdlinden@fwi.uva.nl>
From: Chris G. Demetriou <cgd@postgres.Berkeley.EDU>
List: netbsd-bugs
Date: 03/15/1994 17:59:44

i put the "gimme" script into gimme, and the foosh-making script into
mkfoosh...  here are the results of running them:

272 [sun-lamp] rdtest % ls -la /etc/master.passwd
-rw-------  1 root  wheel  7131 Mar 13 13:43 /etc/master.passwd
273 [sun-lamp] rdtest % gimme /etc/master.passwd
274 [sun-lamp] rdtest % ls -la /etc/master.passwd
-rw-------  1 root  wheel  7131 Mar 13 13:43 /etc/master.passwd
275 [sun-lamp] rdtest % gimme /etc/master.passwd &
[1] 7329
276 [sun-lamp] rdtest % 
[1]    Done                   gimme /etc/master.passwd
ls -la /etc/master.passwd
-rw-------  1 root  wheel  7131 Mar 13 13:43 /etc/master.passwd
277 [sun-lamp] rdtest % mkfoosh
/tmp/foosh is a  setuid shell. 
278 [sun-lamp] rdtest % ls -la /tmp/foosh
-rwsr-xr-x  1 cgd  wheel  90112 Mar 15 17:58 /tmp/foosh*

As i expected, these bugs are not (from what i can tell) present
in NetBSD-current's rdist, even when it is installed set-uid root.
Did i do something wrong here?


cgd

------------------------------------------------------------------------------