Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: /etc/utmp

Re: /etc/utmp

der Mouse (mousecollatz.mcrcim.mcgill.edu)
Tue, 12 Apr 1994 08:10:51 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Christopher Klaus: "Wu-FTP info."
Previous message: Bonfield James: "Re: CERT Advisory - wuarchive ftpd Trojan Horse"

>> There is some code in taintperl to make sure that a symlink swap
>> hasn't taken place beneath the SUID scipt in question.  Grep the
>> perl sources for "Mail".  Larry has left a little surprise for
>> would-be hackers. :)

I did grep the perl source - version 4.036 - for Mail, and found only
one hit:

perl-4.036/emacs/tedstuff:Sender: mmdfuvaarpa.Virginia.EDU (Uvaarpa Mail System)

You have to grep for "mail", or more precisely, "/bin/mail".  Or, to
perhaps save you the time, it's in perl.c (perl-4.036/perl.c, at least
for this version).

					der Mouse

			    mousecollatz.mcrcim.mcgill.edu

Next message: Christopher Klaus: "Wu-FTP info."
Previous message: Bonfield James: "Re: CERT Advisory - wuarchive ftpd Trojan Horse"