Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxt!mhuxv!mhuxh!mhuxi!mhuxm!mhuxj!houxm!vax135!cornell!uw-beaver!tektronix!decvax!genrad!panda!talcott!harvard!seismo!brl-tgr!tgr!ron@BRL-TGR From: Ron NatalieNewsgroups: net.unix-wizards Subject: Re: Finding setuid programs Message-ID: <8063@brl-tgr.ARPA> Date: Tue, 5-Feb-85 19:34:47 EST Article-I.D.: brl-tgr.8063 Posted: Tue Feb 5 19:34:47 1985 Date-Received: Sat, 9-Feb-85 08:11:22 EST Sender: news@brl-tgr.ARPA Organization: Ballistic Research Lab Lines: 8 I assumme the unkillable program mearly had a copy of itself open that it could keep writing itself out. The reason you have to go back to the distribution tapes is evidenced by something that happened to us once. One of our nefarious users modified /lib/crt0 to exec a file called ^V in the current directory. I was only a few extra bytes and all he had to do was wait for it to show up in setuid programs again. -Ron