interesting feature on AMIX..
Darren Reed
avalon at coombs.anu.edu.au
Mon Jun 24 13:30:03 AEST 1991
frank at hfsi.UUCP (Frank McPherson) writes:
>In article <1991Jun21.201119.722 at ckctpa.UUCP> crash at ckctpa.UUCP (Frank J. Edwards) writes:
>>Suppose I make a floppy on my machine and put a copy of ksh on it. Then
>>I make that ksh set-uid to root and mount it on your system. I execute
>>that ksh and voilà! I get the "#" prompt...
>>
>Would you have to meddle around with the KSH to make it set-uid to root?
>My point here is, if you started up a ksh, even if from your own file
>system, shouldn't it disallow you to setuid to root? If not, that is a
[...]
it is a bit of a security problem, the Amiga3000UX should come with an
entry for /dev/dsk/fd0 in one of the files in /etc (maybe fstab but
commented out) to make it easier for novices to mount the floppy
drive (not as easy as it sounds for a novice!) and to have it mount
with the correct options - it is possible to mount a device under unix
and have it IGNORE setuid bits - it's just that most devices are mounted
"setall". The default is "setall" I believe, so that if you mount a
floppy without disabling setuid programs people can quite easily create
setuid programs on floppy disks and execute them on your 3000.
Under AMIX both sh/csh disallow you to run suid shell scripts - you need
at least *one* shell which will let you create/run setuid shell scripts.
darren
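
The mount-option point in the post above, as an added example that is not part of the original message or of AMIX: a small audit that reads a mount table and reports non-system entries whose options would still honour setuid bits. It assumes the Linux fstab(5) layout and Linux mount(8) option semantics, which may differ from AMIX's own files; the sample table, the `trusted_mounts` allow-list and the function names are constructed for illustration.

```python
"""Flag fstab entries that would honour setuid bits on non-system mounts."""

# Constructed sample in Linux fstab(5) layout; not from any real system.
SAMPLE_FSTAB = """\
# device    mountpoint   type     options                dump pass
/dev/sda1   /            ext4     defaults               0 1
/dev/fd0    /mnt/floppy  vfat     noauto,user            0 0
/dev/sdb1   /mnt/usb     vfat     noauto,user,exec,suid  0 0
/dev/sr0    /mnt/cdrom   iso9660  ro,noauto              0 0
#/dev/fd1   /mnt/b       vfat     noauto                 0 0
/dev/sdc1   /mnt/stick   ext4     rw,nosuid,nodev        0 0
"""

# Linux mount(8): these imply nosuid unless a later "suid" overrides them.
IMPLIES_NOSUID = {"user", "users", "owner", "group"}


def honours_setuid(options):
    """Return True if this option string leaves setuid bits effective."""
    suid = True  # default when nothing says otherwise
    for opt in (o.strip() for o in options.split(",")):
        if opt == "nosuid" or opt in IMPLIES_NOSUID:
            suid = False
        elif opt == "suid":
            suid = True  # the last relevant option wins
    return suid


def audit_fstab(text, trusted_mounts=frozenset({"/", "/usr"})):
    """Return (device, mountpoint) pairs outside trusted_mounts (an assumed
    allow-list) whose options would let a setuid binary take effect."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry: no options field
        device, mountpoint, fstype, options = fields[:4]
        if fstype == "swap" or mountpoint in trusted_mounts:
            continue
        if honours_setuid(options):
            findings.append((device, mountpoint))
    return findings


if __name__ == "__main__":
    for device, mountpoint in audit_fstab(SAMPLE_FSTAB):
        print(f"{device} on {mountpoint}: setuid honoured, add nosuid")
```

The floppy entry passes only because `user` implies `nosuid`; the USB entry shows how a trailing `suid` undoes that, and the CD-ROM entry shows the default when no option is given.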