Thanks to one of the users of my MiNTOS package I have tracked down a bug in
the BSD-net2 version of login.c which allows anyone who has an account on
the machine to gain root privileges.
The version of login.c has the following sccsid line:-
The bug is that it doesn't reset the root login flag after an unsuccessful
attempt to log in as root. The upshot of this is that if a person first
attempts to log in as root, fails, then logs in as him/herself, he/she has a
uid of 0!
The fix is to add the line:-
    rootlogin = 0;
After the code:-
    if (pwd && !rval)
        break;
I don't know if there are any other versions of this code which also have
the same problem.
I suggest that if you have a Net2-BSD derived system you check login.c and
fix it ASAP.
Steve
--
---------------------------------------------------------------------------
Computer Systems Administrator, Dept. of Earth Sciences, Oxford University.
Tel:- Oxford (0865) 282110 (UK) or +44 865 282110 (International).
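
Added example, not part of the original post and not the BSD source: a simplified C model of a login retry loop showing how a flag left set by a failed root attempt carries over to the next successful login, and how the one-line reset described above closes it. The account table, the function names and the way the flag is turned into a uid are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed account table: names, passwords and uids are sample values. */
struct acct { const char *name; const char *pass; int uid; };
static const struct acct accts[] = {
    { "root",  "r00tpw",  0 },
    { "steve", "stevepw", 1001 },
};

static const struct acct *lookup(const char *name) {
    for (size_t i = 0; i < sizeof accts / sizeof accts[0]; i++)
        if (strcmp(accts[i].name, name) == 0)
            return &accts[i];
    return NULL;
}

/* Hypothetical model of the retry loop. tries[] holds name/password pairs in
 * the order they are entered. Returns the uid the session ends up with, or -1
 * if no attempt succeeds. with_fix selects whether the flag is reset. */
int simulate_login(const char *tries[][2], int ntries, int with_fix) {
    int rootlogin = 0;
    const struct acct *pwd = NULL;
    for (int i = 0; i < ntries; i++) {
        pwd = lookup(tries[i][0]);
        if (pwd && pwd->uid == 0)
            rootlogin = 1;          /* set as soon as root's name is entered */
        int rval = pwd ? strcmp(tries[i][1], pwd->pass) : 1;
        if (pwd && !rval)
            break;                  /* authenticated */
        if (with_fix)
            rootlogin = 0;          /* the reset from the post, after the break */
        pwd = NULL;
    }
    if (!pwd)
        return -1;
    /* Model assumption: the flag, not pwd->uid, decides root status. */
    return rootlogin ? 0 : pwd->uid;
}

int main(void) {
    const char *seq[][2] = { { "root", "wrong" }, { "steve", "stevepw" } };
    printf("without reset: uid %d\n", simulate_login(seq, 2, 0));
    printf("with reset:    uid %d\n", simulate_login(seq, 2, 1));
    return 0;
}
```

The general point for review is that any per-attempt state in an authentication loop must be re-initialised on every failure path, not only at function entry.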