Possible security problem, need information...

dan at gacvx2.gac.edu
Wed Mar 20 09:31:42 AEST 1991


In article <1991Mar18.200957.166 at gacvx2.gac.edu>, dan at gacvx2.gac.edu writes:
> Greetings,
>  
> Is there anything inherently evil in giving world write access to the "root" (aka
> "/") directory on a BSD 4.3 UNIX system?  The exact permission with the command
> "ls -ld /" is "drwxrwxrwt".  I have been thinking about it for a few hours now
> and the worst thing I have come up with is writing "rc" files that the
> unsuspecting "root" user could execute and the .rhosts file could be created if
> it didn't already exist.  For readers who are about to write back and tell me
> it is a bad idea, I have already figured that out.  However the operating
> system I am dealing with ships with the protection set this way. Setting the
> protection correctly would disable a major feature of this vendor's OS.  Feel
> free to use e-mail or phone to respond.  This information is to be used in a
> bug report to the vendor which they will hopefully forward to CERT if
> necessary.

Thanks to everyone who replied to my posting.  I was able to take the
information sent to me to the vendor.  It turns out that I had an old copy of
the sys admin manual.  The new version of the manual contains everything needed to fix
this hole.  Part of the fix is to "chmod 755 /".  The new manual is great!

I received a great deal of wisdom today on security from both the readers of
this group and the vendor.  The vendor wishes to state that they are very
security minded and do give the instruction in their manual on making the
system secure.

Another case of RTFM...

-- 
Dan Boehlke                    Internet:  dan at gac.edu
Campus Network Manager         BITNET:    dan at gacvax1.bitnet
Gustavus Adolphus College
St. Peter, MN 56082 USA        Phone:     (507)933-7596
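The check and the fix discussed above, as an added example that is not part of the original post or of the vendor's manual. The function names, the scratch tree and the list of files to look for (.rhosts plus the usual rc files root's shell reads; root's home directory on BSD was "/") are my assumptions. The point it makes is the one a practitioner would want checked: the sticky bit in "drwxrwxrwt" only prevents users from unlinking or renaming each other's entries, it does not prevent creating new ones, so a world-writable "/" with the sticky bit set is still the hole the thread describes.

```shell
#!/bin/sh
# Added example, not code from the original post or the vendor's manual.
# Audits a directory the way the thread suggests: can group or other write
# into it?  The sticky bit (the trailing "t" of drwxrwxrwt) only stops users
# from unlinking or renaming each other's entries; it does not stop anyone
# from creating new ones, so an unprivileged user can still plant /.rhosts
# or an rc file that root's shell will read.  Runs offline against a
# constructed scratch tree; the real "/" is never touched.
# Assumes only POSIX sh plus ls, chmod, mkdir, mktemp and rm.

# First field of `ls -ld DIR`, e.g. "drwxrwxrwt".
mode_of() {
    set -- $(ls -ld "$1")
    echo "$1"
}

# 0 if a mode string grants write permission to group (character 6) or to
# other (character 9), regardless of the sticky bit; 1 otherwise.
mode_is_group_or_world_writable() {
    case "$1" in
        d????w*)    return 0 ;;   # group write
        d???????w*) return 0 ;;   # other write
        *)          return 1 ;;
    esac
}

# Audit one directory: 0 if its mode is acceptable, 1 if it is the hole
# described in the thread.  Findings go to stderr.
audit_dir() {
    dir=$1
    mode=$(mode_of "$dir")
    if mode_is_group_or_world_writable "$mode"; then
        echo "BAD  $dir is $mode: group/other may create entries here" >&2
        # Files an attacker would plant in a writable "/".  The names are
        # assumed from the post's ".rhosts" and "rc files"; check the owner
        # and contents of any that exist by hand.
        for f in .rhosts .profile .cshrc .login; do
            if [ -e "$dir/$f" ]; then
                echo "     $dir/$f exists: verify owner and contents" >&2
            fi
        done
        return 1
    fi
    echo "OK   $dir is $mode" >&2
    return 0
}

# The fix from the vendor's new manual: chmod 755 /
fix_dir() {
    chmod 755 "$1"
}

# Reproduce the shipped default on a scratch tree, show the audit fail,
# apply the fix and show it pass.  Returns 0 if the sequence behaves as expected.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/root"
    chmod 1777 "$scratch/root"            # drwxrwxrwt, as in the post
    : > "$scratch/root/.rhosts"           # what a non-root user could plant
    if audit_dir "$scratch/root"; then
        rm -rf "$scratch"; return 1       # should have been flagged
    fi
    fix_dir "$scratch/root"
    if ! audit_dir "$scratch/root"; then
        rm -rf "$scratch"; return 1       # should pass after chmod 755
    fi
    rm -rf "$scratch"
    return 0
}

# Run the demo when executed directly.  To audit a live system without
# changing anything, source this file and call `audit_dir /`.
demo
```

Note that audit_dir only reports; it never applies the chmod itself, because on the system in the thread the vendor's "major feature" depends on the writable "/" and the administrator has to decide whether the fix from the manual can be applied as is.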