Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxt!mhuxv!mhuxh!mhuxi!mhuxm!mhuxj!houxm!vax135!cornell!uw-beaver!tektronix!decvax!genrad!panda!talcott!harvard!seismo!brl-tgr!tgr!ron@BRL-TGR
From: Ron Natalie  
Newsgroups: net.unix-wizards
Subject: Re:  Finding setuid programs
Message-ID: <8063@brl-tgr.ARPA>
Date: Tue, 5-Feb-85 19:34:47 EST
Article-I.D.: brl-tgr.8063
Posted: Tue Feb  5 19:34:47 1985
Date-Received: Sat, 9-Feb-85 08:11:22 EST
Sender: news@brl-tgr.ARPA
Organization: Ballistic Research Lab
Lines: 8

I assumme the unkillable program mearly had a copy of itself open that
it could keep writing itself out.  The reason you have to go back to
the distribution tapes is evidenced by something that happened to us
once.  One of our nefarious users modified /lib/crt0 to exec a file
called ^V in the current directory.  I was only a few extra bytes and
all he had to do was wait for it to show up in setuid programs again.

-Ron