3b1 security and removal of ua
Jon H. LaBadie
jon at jonlab.UUCP
Thu Apr 11 00:35:01 AEST 1991
In article <584 at iczer-1.UUCP>, emm at iczer-1.UUCP (Edward M. Markowski) writes:
> In article <927 at jonlab.UUCP> jon at jonlab.UUCP I, Jon H. LaBadie wrote:
> |Guess which user id, and in which directory the program is executed;
> |
> |You security hounds are right: by root and in the root directory.
> |
> |So, essentially, anyone with access to your C compiler has access to
> |your entire machine!
Ed replied:
> This is only a problem if the user also has access to the console.
Well, then again, I could schedule a trojan horse to run when YOU, who
does have access to the console clicks on the icon. In fact, with one
of the other parameters to eprintf(3T), I can specify who sees the icon.
I think this widens the problem to anyone with access to the system.
> You might be able to close this hole by securing(sp?) /dev/error,
> I don't think joe user does really needs access to /dev/error.
You may be correct. However, the designers of the safari 4 seemed to
expect that the device would be widely available. Thus, mail and pcal
can get their icons up on the status line. Other equally non-privledged
programs can also get messages there.
Break the chain, and you may enhance security, but you may also degrade
useability of the system. Boy, isn't that the general trade-off?
Jon
--
Jon LaBadie
{att, princeton, bcr, attmail!auxnj}!jonlab!jon
More information about the Comp.sys.3b1
mailing list