> ...he was saying things like "just go
> on the net and look, and you'll see ways to get a command line prompt
> through any unix web server..."
>
> I didn't tell him that I've probably looked on the web for a lot more
> hacking stuff than he ever has, and I've never heard it was _that_ bad..
Sure it is. If you've got a hole that allows you to execute arbitrary
commands, you can get a command line prompt fairly easily. Just
use a C or perl program to open a TCP socket, connect to it from
the remote site, and then exec a shell with that descriptor as
stdin/stdout/stderr.
And, of course, once you've got that, it's often not too tough to
get root, especially on older systems.
cjs
Curt Sampson cjs@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc. Through infinite mist, software reverberates
Vancouver, BC (604) 257-9400 In code possess'd of invisible folly.