Possible security problem, need information..

[dan at gacvx2.gac.edu]

> The sticky bit is NOT (repeat NOT) implemented on all systems.  If the
> sticky bit is implemented CORRECTLY, then the worst I can do is create
> a file in /, and make it grow till "/" fills up.  This is good for a
> crash on some systems :-)
> 
> However, if the sticky bit is unimplemented, or is implemented half
> heartedly, then you can move files you own on top of files someone else
> owns (even though you may not be able to rm files owned by others).

The sticky bit works quite well on the system with the problem.  Even with the
protection set to 1777 the system was hard to break.  I had to use holes in
programs that were supplied by third parties to break into the system.  The
version of Emacs that I have and a communications program with a "rc" script
were to of the ways I found to break in.  Emacs didn't check the owner of
.emacsrc.  In both cases "root" had to be tricked into running the scripts.  I
still think that leaving the root set to 1777 is a bad idea, and I have been
given instructions by the vendor that will allow me to set the root set to 755. 
The vendor did a good job fixing the hole opened up by the protection, however
they cannot fix things they have no control over.

-- 
Dan Boehlke                    Internet:  dan at gac.edu
Campus Network Manager         BITNET:    dan at gacvax1.bitnet
Gustavus Adolphus College
St. Peter, MN 56082 USA        Phone:     (507)933-7596