Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!sdd.hp.com!think.com!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!dkuug!daimi!jt!erl
From: erl@jt.dk (Erik B. Larsen)
Newsgroups: comp.unix.admin
Subject: Security in SunOS
Keywords: security
Message-ID: <784@jt.dk>
Date: 19 Feb 91 07:46:26 GMT
Organization: Jutland Telephone Co. Denmark
Lines: 28

I've noticed a security hole in SunOS (maybe).

If you have a diskless workstation mounted on a server, and they are
running NIS, then of course you only have one entry for root (on the
server).

Now - everyone can boot a workstation up in single-user, and if you just
know a little bit of Unix, then it's easy to make a user called root or
something else in the client's /etc/passwd. Then you can boot up in
multiuser, and you've free access on the server to delete everything!

Does anyone know how I can solve this problem? I'd like to hear from you.

Regards
Erik Bruijn Larsen
System Administrator
Jutland Telephone Company
Denmark
Email: erl@jt.dk
-------------------------------------------------------------------------------
Remember: The Sun is always shining!
-------------------------------------------------------------------------------