Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!apple!agate!ucbvax!apo.esiee.fr!bonnetf
From: bonnetf@apo.esiee.fr (bonnet-franck)
Newsgroups: comp.sys.apollo
Subject: security with rc files
Message-ID: <9101111133.AA13945@apo.esiee.fr>
Date: 11 Jan 91 11:33:21 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 41

Hi,

We've found a security problem ( one more ! )

The problem is the following :

1 - When you boot a diskless machine on a disked partner the /sys/node_data.xxx
    directory is created .

2 - Another directory is created : /sys/node_data.xxx/etc . 

3 - The following files are newly created in that directory

                    rc
                    rc.local
                    rc.user

4 - The bad thing is that these files are NOT protected after their creation ... 
    Everybody has "pwrx" rights on these files, ouch !                            
 
    As it is well known, when the machine bootup the rc and rc.local files
    are executed with ROOT privileges !!! That means that anybody can :

    - Edit this file. 
    - Write inside some dirty things.
    - Reboot the machine.
    - The dirty things are EXECUTED WITH ROOT PRIVILEGES at bootup ... !!!

5 - These files are protected at install on a disked machine, why aren't they
    during the /sys/node_data.xxx creation ??? 
    As Mr Spock could say : "This should be logical captain" .

    Bye,

-------------------------------------------------------------------------------|
bonnetf@apo.esiee.fr                     |                                     |
Frank Bonnet                             | Surfing ...                         |
E.S.I.E.E                                |                                     |
BP99 93162 Noisy le Grand cedex.FRANCE.  | the rest is details !               |
Fax   : 33 1 45 92 66 99                 |                                     |
-------------------------------------------------------------------------------|