3b1 security and removal of ua

Jon H. LaBadie jon at jonlab.UUCP
Mon Apr 8 23:27:37 AEST 1991

The recent discussion of security on the 3B1 (is that an oxymoron?)
caused me to recall that I've never seen this particular hole posted.

There is a function in the TAM library, eprintf(3T), that is used to
print error messages.  It is how the ! and !! icons get on the first
line of your screen.  Also, the calendar icon if you are using the
pcal program.

I believe eprintf writes to /dev/error, which is read by smgr.

It all seems pretty innocuous, display an icon, print a message when
a user clicks on the icon.  No danger there.

EXCEPT, one of the arguments to eprintf(3T) is what to do when the
user clicks on the icon.  And one of the possibilities is ST_EXEC;
execute a program!!!

Guess which user id, and in which directory the program is executed;

You security hounds are right: by root and in the root directory.

So, essentially, anyone with access to your C compiler has access to
your entire machine!

Sleep comfortably last night?


More information about the Comp.sys.3b1 mailing list