Path: utzoo!attcan!uunet!know!samsung!usc!orion.oac.uci.edu!iglesias
From: iglesias@orion.oac.uci.edu (Mike Iglesias)
Newsgroups: comp.unix.ultrix
Subject: Re: Security & COPS
Keywords: security
Message-ID: <26F0F6C6.16543@orion.oac.uci.edu>
Date: 14 Sep 90 15:27:02 GMT
References: <11883@crdgw1.crd.ge.com>
Reply-To: iglesias@orion.oac.uci.edu (Mike Iglesias)
Organization: University of California, Irvine
Lines: 40

In article <11883@crdgw1.crd.ge.com> vanpelt@crd.ge.com (wayne e vanpelt) writes:
>Recently one of my coworkers attended a Usenix Conveference on Security.
>He brought back with him COPS, a script that will indicate various
>weeknesses existing on a particular system. When executed on our vax
>3500 running ultrix 3.2 it indicated that /dev/kmem and /dev/mem were
>world readable. When this permission was removed, various programs broke
>(ps, uptime, and w I know about and adjusted). It appeared to cause some
>mail to bounce but I'm not sure if that was a result of the change.
>
>Does anyone have a list of the programs that come with ultrix that need
>permission to read /dev/kmem? (Please respond via e-mail to
>'vanpelt@crd.ge.com' as I do not regularly read this news group).

I recently did this on my DECstation 3100 running Ultrix 3.1.  I used
group 6 as kmem, since that's what our Ultrix v4.0 system uses (DEC
has fixed this for you in v4.0).  All these programs need to be
chgrp'd to kmem and chmod'd to 2755 (or 6755 if it's setuid root). 

Here's the list of programs that needed fixing:

/bin/ps
/dev/kmem
/dev/mem
/usr/etc/pstat
/usr/etc/arp
/usr/etc/nfsstat
/usr/bin/iostat
/usr/bin/ipcs
/usr/bin/mail
/usr/ucb/netstat
/usr/ucb/uptime
/usr/ucb/vmstat
/usr/ucb/w


Mike Iglesias
University of California, Irvine
Internet:    iglesias@orion.oac.uci.edu
BITNET:      iglesias@uci
uucp:        ...!ucbvax!ucivax!iglesias