Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!husc6!cs.utexas.edu!execu!sequoia!rpp386!jfh
From: jfh@rpp386.Dallas.TX.US (John F. Haugh II)
Newsgroups: comp.unix.wizards
Subject: Re: Getting rid of the root account
Message-ID: <16734@rpp386.Dallas.TX.US>
Date: 23 Jun 89 13:35:56 GMT
References: <127@orchid.warwick.ac.uk> <16659@rpp386.Dallas.TX.US> <4499@ficc.uu.net> <1566@mcgill-vision.UUCP> <12148@bloom-beacon.MIT.EDU>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: River Parishes Programming, Plano TX
Lines: 24

In article <12148@bloom-beacon.MIT.EDU> jfc@athena.mit.edu (John F Carr) writes:
>In article <1566@mcgill-vision.UUCP> mouse@mcgill-vision.UUCP (der Mouse) writes:
>Before allowing mount access to someone, make sure that all your system
>directories are opened by some process (so you can't mount over them).
>Otherwise you may find somebody else's /etc mounted over your own (for
>example), at which point nosuid is no longer effective (there are a number
>of less obvious directories, depending on your system).

I was laying in bed thinking exactly this just last night ... I had
long wondered why login should be in /etc rather than /bin and
overmounting system directories makes the perfect case. I might
remember to protect /etc from being overmounted; will I remember to
protect /bin and others where system programs reside?

This problem of trusted programs executing non-trusted programs by
accident causes UNIX to be inherently untrustable. No trusted program
should ever execute any untrusted program. UNIX completely lacks this
concept.
-- 
John F. Haugh II                        +-Button of the Week Club:-------------
VoiceNet: (512) 832-8832   Data: -8835  | "AIX is a three letter word,
InterNet: jfh@rpp386.Cactus.Org         |  and it's BLUE."
UucpNet : !bigtex!rpp386!jfh            +--------------------------------------
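
An added example, not part of the original post: a mount-table audit that flags any mount covering a system directory, including a mount on an ancestor such as /usr that hides /usr/bin. It assumes a Linux-style `/proc/self/mounts` table, which postdates this thread; the protected-directory list, the baseline and the sample table are constructed for illustration.

```python
import re

# Directories whose contents trusted programs rely on. The list is an
# assumption; the post itself names only /etc and /bin.
PROTECTED = ("/etc", "/bin", "/sbin", "/lib", "/usr/bin", "/usr/lib")

# Constructed sample in /proc/self/mounts format (device, mountpoint, type, options).
SAMPLE = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,relatime 0 0
/dev/sdb1 /home/guest/my\\040disk vfat rw,nosuid,nodev 0 0
/dev/sdc1 /etc ext4 rw,nosuid,nodev 0 0
/dev/sdc2 /usr ext4 rw,nosuid 0 0
"""
# Mounts the administrator set up on purpose (constructed).
BASELINE = {("/dev/sda1", "/"), ("/dev/sda2", "/usr")}

def unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def covers(mountpoint, directory):
    # A mount hides `directory` when it sits on it or on one of its ancestors.
    mp = mountpoint.rstrip("/")
    return directory == (mp or "/") or directory.startswith(mp + "/")

def audit(mount_table, baseline):
    """Return (device, mountpoint, hidden_dirs, has_nosuid) for every mount
    that covers a protected directory and is not in the baseline."""
    findings = []
    for line in mount_table.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint = unescape(fields[0]), unescape(fields[1])
        if (device, mountpoint) in baseline:
            continue
        hidden = [d for d in PROTECTED if covers(mountpoint, d)]
        if hidden:
            # nosuid is reported but does not clear the finding: as the quoted
            # text says, it stops helping once a system directory is covered.
            findings.append((device, mountpoint, hidden, "nosuid" in fields[3].split(",")))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, BASELINE):
        print(finding)
```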