Security in SunOS
Karl Denninger
kdenning at pcserver2.naitc.com
Thu Feb 21 02:52:50 AEST 1991
In article <784 at jt.dk> erl at jt.dk (Erik B. Larsen) writes:
>
>I've noticed a security-hole in SunOS (maybe).
>If you have a diskless workstation mounted on a server, and they are running
>NIS, then of course you only have one entry for root (on the server).
>
>Now - everyone can boot a workstation up in single-user, and if you just know
>a little bit of Unix, then it's easy to make a user called root or something
>else in the client's /etc/passwd.
>
>Then you can boot up in multiuser, and you've free access on the server to
>delete everything!

You are correct. If you can boot single user, and/or get root, you can then
su to anyone else and do what you will.

However, you can prevent booting single-user. See "security-mode" in the
PROM command screen for details. Basically it's a second password you have
to know in order to do anything other than boot multiuser from the default
drive/server.
--
Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285
kdenning at nis.naitc.com
"The most dangerous command on any computer is the carriage return."
Disclaimer: The opinions here are solely mine and may or may not reflect
those of the company.