hello ! if nslookup is installed with the s-bit all users can create and overwrite files owned by root. this works in the interactive mode, when dumping dns-records to a file (with ls -d DOMAINNAME > FILE for example). i checked it on aix 4.2.0, 4.2.1 and 4.1.1, where nslookup is installed suid-root by default. maybe its possible to create usable files with an own "special" nameserver. or maybe its possible to pipe the answers to a script to create the files you want, but i haven't tried this. greetings, Andreas p.s.: if this has already been reported to this list - sorry for my lazyness to search an archive of bugtraq. --
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:02 PDT