MOO-cows Mailing List Archive


Fun with FUP and root.

We just had an interesting situation at SchoolNet MOO.  The SchoolNet 
computer was rebooted, and our new root (despite previous warnings) 
restarted our MOO using his account.  Since our MOO has FUP installed we 
were able to write a line to a file (which was created as a root-owned 
file), chmod it +x, then using our Unix accounts move it from the files 
directory to the bin directory.  Presto, now the MOO can execute any 
command with root perms.  We tried it, and it worked.

It doesn't take a rocket scientist to figure out that MOOs with FUP and 
root perms are a dangerous mix, but not every root knows just how 
flexible a MOO can be (it isn't just a Dungeon game for the kiddies).  
Fortunately only wizards who  have UNIX accounts can take advanage of 
this situation when it arises.

                                       Live Long and Prosper!  \\//_
                                       Neil D. Fraser
                                       SchoolNet Support Group
Mail:  Web:


Home | Subject Index | Thread Index