Security in SunOS
Erik B. Larsen
erl at jt.dk
Tue Feb 19 18:46:26 AEST 1991
I've noticed af security-hole in SunOS (maybe).
If you have a diskless workstation mounted on af server, and they are running
NIS, then of cource you only have one entry for root (on the server).
Now - everyone can boot a workstation up in single-user, and if you just know
a little bit of Unix, then it's easy to make an user called root or something
else in the clients /etc/passwd.
Then you can boot up in multiuser, and you've free access on the server to
delete everything!
Anyone, who know how I can solved this problem?
I'll like to hear from you.
Regards
Erik Bruijn Larsen
Systemadministrator
Jutland Telephone Company
Denmark
Email: erl at jt.dk
-------------------------------------------------------------------------------
Remember: The Sun is always shining!
-------------------------------------------------------------------------------
More information about the Comp.unix.admin
mailing list