Possible security problem, need information...
Ed Otto
edotto at ux1.cso.uiuc.edu
Thu Mar 21 02:54:42 AEST 1991
dan at gacvx2.gac.edu writes:
>Greetings,
>
>Is there anything inherently evil giving world write access to the "root" (aka
>"/") directory on a BSD 4.3 UNIX system? The exact permission with the command
>"ls -ld /" is "drwxrwxrwt". I have been thinking about it for a few hours now
>and the worst thing I have come up with is writing "rc" files that the
>unsuspecting "root" user could execute and the .rhosts file could be created if
>it didn't already exist. For readers who are about to write back and tell it
>it is a bad idea, I have already figured that out. However the operating
>system I am dealing with ships with the protection set this way. Setting the
>protection correctly would disable a major feature of this vendor's OS. Feel
>free to use e-mail or phone to respond. This information is to be used in a
>bug report to the vendor which they will hopefully forward to CERT if
>necessary.
What machine is this? I want to overwrite their operating system with one of my own...
But seriously, I think that this is not a problem as mine is the same way.
I think that world MUST have write access to the root fs, because otherwise
I don't think that you could write ANYTHING on the entire file system unless
you were logged in as 'root'...
If not, will someone please tell ME so I can change mine, too?
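
An audit sketch for the "drwxrwxrwt" case raised in the question, added here as an example and not part of the original thread: it reads the mode from `ls -ld`, classifies the directory by its world-write and sticky bits, and lists startup files that do not yet exist there. The function names and the startup-file list are assumptions, as is treating "/" as root's home directory, which the question implies.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the 10-character mode string of a directory, e.g. "drwxrwxrwt".
dir_mode() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10) }'
}

# Classify a directory by its "other" write bit and its sticky bit.
world_write_status() {
    mode=$(dir_mode "$1")
    other_w=$(printf '%s' "$mode" | cut -c9)
    last=$(printf '%s' "$mode" | cut -c10)
    if [ "$other_w" != "w" ]; then
        echo "not-world-writable"
    elif [ "$last" = "t" ] || [ "$last" = "T" ]; then
        echo "world-writable-sticky"
    else
        echo "world-writable-no-sticky"
    fi
}

# Assumed list: the .rhosts file and shell "rc" files named in the question.
STARTUP_FILES=".rhosts .cshrc .login .profile"

# List startup files absent from DIR. The sticky bit stops non-owners from
# removing or renaming existing entries, not from creating new names, so
# absent names are the ones to report in a world-writable directory.
absent_startup_files() {
    for f in $STARTUP_FILES; do
        [ -e "$1/$f" ] || [ -L "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Report the mode, the classification and, if world-writable, absent names.
audit_dir() {
    status=$(world_write_status "$1")
    echo "$1: $(dir_mode "$1") $status"
    if [ "$status" != "not-world-writable" ]; then
        absent_startup_files "$1" | sed 's/^/  absent, creatable by any user: /'
    fi
}

audit_dir "${1:-/}"
```

Run with no argument it audits "/"; pass another directory, such as root's actual home, to audit that instead.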
More information about the Comp.unix.admin
mailing list