interesting feature on AMIX..
Karl-Gunnar Hultland
karl at prophet.UUCP
Thu Jun 27 13:21:48 AEST 1991
>In article <431 at hfsi.UUCP> frank at hfsi.UUCP (Frank McPherson) writes:
>In article <1991Jun21.201119.722 at ckctpa.UUCP> crash at ckctpa.UUCP (Frank J. Edwards) writes:
>>Suppose I make a floppy on my machine and put a copy of ksh on it. Then
>>I make that ksh set-uid to root and mount it on your system. I execute
>>that ksh and voila! I get the "#" prompt...
>>
>Would you have to meddle around with the KSH to make it set-uid to root?
>My point here is, if you started up a ksh, even if from your own file
>system, shouldn't it disallow you to setuid to root? If not, that is a
>pretty serious security hole in the way we're doing things. I'm not
>sure that it really MATTERS, because the machines aren't incredibly
>important anyway, and there aren't any overwhelming reasons for someone
>to want root access on one of them, other than just saying they did it.
>
If I OWN an A3000 running UNIX then I could easily make a set-uid root
ksh on a floppy. That's not REALLY a security hole.
Karl
---
Karl Hultland, {rutgers | pyramid | uunet}!cmbvax!cbmehq!cbmswe!prophet!karl
Organization: Mine all mine.
Egoist: a person of low taste, more interested in himself than in me.
- A. Bierce
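
The thread above turns on whether a system honours set-uid bits on a filesystem someone else prepared. As an added example (not part of the original posts), this Python audit lists mounts that would honour them; it assumes a Linux-style `/proc/mounts` table and the `nosuid` mount option, and the `TRUSTED` policy set and sample table are constructed for illustration.

```python
import re

# Mount points allowed to carry set-uid binaries (assumed local policy).
TRUSTED = {"/", "/usr"}

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def suid_capable_mounts(mounts_text, trusted=TRUSTED):
    """Return (mount_point, device, fstype) for every mount outside
    `trusted` whose options do not include nosuid."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # skip blank, short or commented lines
        device, mount_point, fstype = (_unescape(f) for f in fields[:3])
        options = set(fields[3].split(","))
        if mount_point in trusted:
            continue
        # noexec alone is reported too: the audit insists on nosuid itself.
        if "nosuid" not in options:
            findings.append((mount_point, device, fstype))
    return findings

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/fd0 /mnt/floppy ext2 rw,relatime 0 0
/dev/sdb1 /media/usb\\040stick ext2 rw,nosuid,nodev 0 0
/dev/sdc1 /media/backup\\040disk ext2 rw,noexec 0 0
"""

if __name__ == "__main__":
    for mp, dev, fs in suid_capable_mounts(SAMPLE):
        print(f"set-uid honoured on {mp} ({dev}, {fs}): add nosuid")
```
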