Possible security problem, need information...
dan at gacvx2.gac.edu
Tue Mar 19 12:09:57 AEST 1991
Greetings,
Is there anything inherently evil about giving world write access to the "root" (aka
"/") directory on a BSD 4.3 UNIX system? The exact permission with the command
"ls -ld /" is "drwxrwxrwt". I have been thinking about it for a few hours now
and the worst thing I have come up with is writing "rc" files that the
unsuspecting "root" user could execute and the .rhosts file could be created if
it didn't already exist. For readers who are about to write back and tell me
it is a bad idea, I have already figured that out. However, the operating
system I am dealing with ships with the protection set this way. Setting the
protection correctly would disable a major feature of this vendor's OS. Feel
free to use e-mail or phone to respond. This information is to be used in a
bug report to the vendor which they will hopefully forward to CERT if
necessary.
--
Dan Boehlke Internet: dan at gac.edu
Campus Network Manager BITNET: dan at gacvax1.bitnet
Gustavus Adolphus College
St. Peter, MN 56082 USA Phone: (507)933-7596
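
An added example, not part of the original post: a read-only audit for the configuration described above, reporting a world-writable directory and which start-up files in it are missing, not owned by root, or writable by others. It assumes root's home directory is "/" as the post implies; the dotfile list and the names `audit_home` and `demo` are assumptions made for this example.

```python
import os
import stat
import tempfile

# Assumed list of start-up files read from root's home directory.
ROOT_DOTFILES = (".rhosts", ".cshrc", ".login", ".profile")


def audit_home(path, dotfiles=ROOT_DOTFILES, owner_uid=0):
    """Return findings for a directory that serves as root's home."""
    findings = []
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    world_writable = bool(mode & stat.S_IWOTH)
    if world_writable:
        sticky = "set" if mode & stat.S_ISVTX else "not set"
        findings.append(f"{path}: world-writable, mode {mode:04o}, sticky bit {sticky}")
    for name in dotfiles:
        full = os.path.join(path, name)
        try:
            fst = os.lstat(full)
        except FileNotFoundError:
            # The sticky bit restricts only delete and rename of other
            # users' entries; creating a new name stays open to everyone.
            if world_writable:
                findings.append(f"{full}: missing, creatable by any local user")
            continue
        if fst.st_uid != owner_uid:
            findings.append(f"{full}: owned by uid {fst.st_uid}, expected {owner_uid}")
        if stat.S_ISLNK(fst.st_mode):
            findings.append(f"{full}: is a symbolic link")
        elif stat.S_IMODE(fst.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{full}: writable by group or other")
    return findings


def demo():
    """Run the audit on a constructed directory with the mode from the post."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o1777)  # drwxrwxrwt
        rc = os.path.join(d, ".cshrc")
        with open(rc, "w") as f:
            f.write("# constructed sample\n")
        os.chmod(rc, 0o644)
        return audit_home(d, owner_uid=os.getuid())


if __name__ == "__main__":
    for line in audit_home("/"):
        print(line)
```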