MOO-cows Mailing List Archive


Re: Fun with FUP and root.

On Tue, 25 Feb 1997, Neil Fraser wrote:

> We just had an interesting situation at SchoolNet MOO.  The SchoolNet 
> computer was rebooted, and our new root (despite previous warnings) 
> restarted our MOO using his account.  Since our MOO has FUP installed we 
> were able to write a line to a file (which was created as a root-owned 
> file), chmod it +x, then using our Unix accounts move it from the files 
> directory to the bin directory.  Presto, now the MOO can execute any 
> command with root perms.  We tried it, and it worked.
> It doesn't take a rocket scientist to figure out that MOOs with FUP and 
> root perms are a dangerous mix, but not every root knows just how 
> flexible a MOO can be (it isn't just a Dungeon game for the kiddies).  
> Fortunately only wizards who  have UNIX accounts can take advanage of 
> this situation when it arises.
>                                        Live Long and Prosper!  \\//_
>                                        Neil D. Fraser
>                                        SchoolNet Support Group
> Mail:  Web:


Home | Subject Index | Thread Index