[Coco] setuid? wasRe: Telnet to your CoCo.. and invite 6 of your friends
Willard Goosey
goosey at virgo.sdc.org
Sun Nov 29 18:19:27 EST 2009
On Sun, Nov 29, 2009 at 08:08:36AM -0500, Aaron Wolfe wrote:
> The OS9 F$SUser works as described in the docs. It will let you
> become any user you'd like. I wrote a tiny (41 bytes in module form)
> 'su' command to verify, the relevant code is:
Nice job!
I'm disappointed by the results, but that's not YOUR fault.
Sad thing is, it's probably not worth doing anything about. The
system call itself would be a pretty easy fix (cmp <current usr>,0 bne
denied) but then, there are programs non-root users need that want to
become root. A password-changer program comes to mind.
So yeah, I guess you were right in the first place: If you're going
to expose OS-9 to a hostile network, run a BBS that does its own
security.
Willard
--
Willard Goosey goosey at sdc.org
Socorro, New Mexico, USA
I search my heart and find Cimmeria, land of Darkness and the Night.
-- R.E. Howard
More information about the Coco
mailing list