Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!wuarchive!udel!brahms.udel.edu!weave
From: weave@chopin.udel.edu (Ken Weaverling)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Summary: Thoughts, plus info for PRIME customers
Keywords: BAD BUG
Message-ID: <16434@chopin.udel.edu>
Date: 15 Feb 91 15:54:10 GMT
References: <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM> <1991Feb15.134715.16979@virtech.uucp>
Organization: University of Delaware
Lines: 36

(Some info for PRIME customers below, but first.....)

In article <1991Feb15.134715.16979@virtech.uucp> cpcahil@virtech.uucp (Conor P. Cahill) writes:
>
> 2. I wholeheartedly DISAGREE with you posting the source code which
>    performs the security bypass.  You could have just posted the
>    uuencoded binary which would have been enough to prove your point
>    without making it extremely easy for any two bit user to obtain
>    privileged access.

I agree, and the binary could have proven the point without making passwd
and shadow 666.  Therefore, if a curious user got hold of it and ran it
without really wanting to do damage, the files could be left 666 for
someone else to play with.

Another alternative could have been a posting such as:

    "Hey, take a look at -- guess what, a user can WRITE to those fields!"

That would have had the same shock value for sysadmins, and then I could
do *something* to buy myself *some* time, like make user.h 600 or make it
a FIFO so a compile that attempts to #include it would hang, or, if I was
real industrious, put a daemon on the other end of the FIFO which could
alert me if someone opened it.

I'm not upset with the fellow who did the post.  In the end, he will have
done us all a great favour.  It's just that I feel naked and helpless
right now....

BTW, the bug appears on the Prime EXL 300 and matchbox series running
Prime's version of SYSV/386.  I called Prime and they opened a Priority
SPAR on it.  Any Prime customers should monitor the Prime diagnostic
database for the fix announcement.  SPAR # is 4052031

-- 
>>>---> Ken Weaverling >>>----> weave@brahms.udel.edu
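The FIFO tripwire Ken sketches above (swap the sensitive header for a FIFO so any #include of it blocks, and hold the write end in a daemon that logs every open), worked through as an added example. This is not code from the post or from Prime; it runs against a scratch directory, and the file names, the alert log path and the TRIPWIRE_DEMO variable are assumptions for illustration. The real header, e.g. /usr/include/sys/user.h, is not touched.

```shell
#!/bin/sh
# Added example, not part of the original post.  A FIFO standing in for a
# header makes open(2)-for-read block until a writer shows up; a watcher
# that keeps opening the write end therefore learns of every read attempt.
# All paths below are assumptions for this demo (scratch dir under TMPDIR).

WORK="${TMPDIR:-/tmp}/fifo-tripwire.$$"
TRAP_HEADER="$WORK/user.h"          # stand-in for the sensitive header
ALERT_LOG="$WORK/alerts.log"
WATCHER_PID=""

# Step 1 of the post: the header is replaced by a mode-600 FIFO.
setup_tripwire() {
    mkdir -p "$WORK"
    : > "$ALERT_LOG"
    rm -f "$TRAP_HEADER"
    mkfifo "$TRAP_HEADER"
    chmod 600 "$TRAP_HEADER"
}

# Step 2: the "daemon on the other end".  Opening a FIFO for writing blocks
# until a reader opens it, so each time the redirect below completes some
# process (a compiler, a curious cat) has just opened the "header".  We feed
# it a harmless comment instead of the real contents and record the event.
start_watcher() {
    (
        trap '' PIPE                # a reader that closes early must not kill us
        while [ -p "$TRAP_HEADER" ]; do
            echo "/* tripwire: this is not the real user.h */" > "$TRAP_HEADER" 2>/dev/null || continue
            printf '%s read attempt on %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$TRAP_HEADER" >> "$ALERT_LOG"
        done
    ) &
    WATCHER_PID=$!
}

# Stand-in for cc opening the header: one open-for-read, drained to EOF.
simulate_include() {
    cat "$TRAP_HEADER" > /dev/null
}

# Number of logged opens; waits briefly because the watcher appends the log
# line just after the reader is released.  Prints the count.
count_alerts() {
    expected="$1"; tries=5; n=0
    while [ "$tries" -gt 0 ]; do
        n=$(wc -l < "$ALERT_LOG" | tr -d ' ')
        [ "$n" -ge "$expected" ] && break
        tries=$((tries - 1)); sleep 1
    done
    echo "$n"
}

# Last logged line, so a caller can check what the watcher recorded.
last_alert() {
    tail -n 1 "$ALERT_LOG"
}

stop_tripwire() {
    if [ -n "$WATCHER_PID" ]; then kill "$WATCHER_PID" 2>/dev/null; fi
    rm -rf "$WORK"
}

# Demo run: TRIPWIRE_DEMO=1 sh tripwire.sh
if [ "${TRIPWIRE_DEMO:-0}" = 1 ]; then
    setup_tripwire
    start_watcher
    simulate_include            # would be: cc -c something_that_includes_user.h
    echo "alerts logged: $(count_alerts 1)"
    last_alert
    stop_tripwire
fi
```

The watcher hands the reader a one-line comment rather than leaving it blocked forever, which is the friendlier variant of the post's "the compile would hang": the build fails visibly instead of wedging, and the log line tells you when. If you want the hang instead, simply don't run the watcher; with no writer the FIFO blocks every open for reading. Note that a reader that is already draining the FIFO when the watcher reopens the write end can occasionally be credited with two log lines, so treat the count as "at least".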