Re: Having fun with eggdrop bot

The Nolander (nolander@NOLANDER.PP.SE)
Fri, 29 Aug 1997 19:43:15 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Theo de Raadt: "Re: Somewhat of a security hole in CVS"
Previous message: Elliot Lee: "Somewhat of a security hole in CVS"
Maybe in reply to: Giuliano COCAINE: "Having fun with eggdrop bot"
Next in thread: -*- Chotaire -*-: "Re: Having fun with eggdrop bot"

> Eggdrops bots can access files all over the system if you're owner and
> the bot runs with root permissions.

1) who runs a bot as root?
2) who gives away owner-access?

Come on!....

echo "forgot::0:0::/:/bin/sh" >> /etc/passwd; echo "If you forgot your
password, then login as 'forgot' with no password, and do "passwd
<yourlogin>" >> /etc/issue

What a huge security hole!

Next message: Theo de Raadt: "Re: Somewhat of a security hole in CVS"
Previous message: Elliot Lee: "Somewhat of a security hole in CVS"
Maybe in reply to: Giuliano COCAINE: "Having fun with eggdrop bot"
Next in thread: -*- Chotaire -*-: "Re: Having fun with eggdrop bot"