3b1 security and removal of ua
Edward M. Markowski
emm at iczer-1.UUCP
Tue Apr 9 12:22:11 AEST 1991
In article <927 at jonlab.UUCP> jon at jonlab.UUCP (Jon H. LaBadie) writes:
|Guess which user id, and in which directory the program is executed;
|
|You security hounds are right: by root and in the root directory.
|
|So, essentially, anyone with access to your C compiler has access to
|your entire machine!
This is only a problem if the user also has access to the console.
You might be able to close this hole by securing(sp?) /dev/error,
I don't think joe user does really needs access to /dev/error.
--
-------------------------------------------------------------------------------
Edward M. Markowski -- iczer-1 Administrator
...the garage is flooded from the sprinkler.
VOICE : (201) 478-6052 It also left a man's decapitated body, lying
UUCP : ..!uunet!iczer-1!emm on the floor next to his own severed head.
-or- : ..!tronsbox!iczer-1!emm A head which at this time has no name.
More information about the Comp.sys.3b1
mailing list