3b1 security and removal of ua

Edward M. Markowski emm at iczer-1.UUCP
Tue Apr 9 12:22:11 AEST 1991

In article <927 at jonlab.UUCP> jon at jonlab.UUCP (Jon H. LaBadie) writes:
|Guess which user id, and in which directory the program is executed;
|You security hounds are right: by root and in the root directory.
|So, essentially, anyone with access to your C compiler has access to
|your entire machine!

This is only a problem if the user also has access to the console.

You might be able to close this hole by securing(sp?) /dev/error,
I don't think joe user does really needs access to /dev/error.
Edward M. Markowski -- iczer-1 Administrator

                                 ...the garage is flooded from the sprinkler.
VOICE : (201) 478-6052           It also left a man's decapitated body, lying
UUCP  : ..!uunet!iczer-1!emm     on the floor next to his own severed head.
 -or- : ..!tronsbox!iczer-1!emm  A head which at this time has no name.

More information about the Comp.sys.3b1 mailing list