3b1 security and removal of ua

Jon H. LaBadie jon at jonlab.UUCP
Thu Apr 11 00:35:01 AEST 1991

In article <584 at iczer-1.UUCP>, emm at iczer-1.UUCP (Edward M. Markowski) writes:
> In article <927 at jonlab.UUCP> jon at jonlab.UUCP I, Jon H. LaBadie wrote:
> |Guess which user id, and in which directory the program is executed;
> |
> |You security hounds are right: by root and in the root directory.
> |
> |So, essentially, anyone with access to your C compiler has access to
> |your entire machine!

Ed replied:

> This is only a problem if the user also has access to the console.

Well, then again, I could schedule a trojan horse to run when YOU, who
does have access to the console clicks on the icon.  In fact, with one
of the other parameters to eprintf(3T), I can specify who sees the icon.

I think this widens the problem to anyone with access to the system.

> You might be able to close this hole by securing(sp?) /dev/error,
> I don't think joe user does really needs access to /dev/error.

You may be correct.  However, the designers of the safari 4 seemed to
expect that the device would be widely available.  Thus, mail and pcal
can get their icons up on the status line.  Other equally non-privledged
programs can also get messages there.

Break the chain, and you may enhance security, but you may also degrade
useability of the system.  Boy, isn't that the general trade-off?


Jon LaBadie
{att, princeton, bcr, attmail!auxnj}!jonlab!jon

More information about the Comp.sys.3b1 mailing list