Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!linac!att!ucbvax!PAN.SSEC.HONEYWELL.COM!thompson
From: thompson@PAN.SSEC.HONEYWELL.COM (John Thompson)
Newsgroups: comp.sys.apollo
Subject: re: Apollo problem list / tirade...
Message-ID: <9102261846.AA08663@pan.ssec.honeywell.com>
Date: 26 Feb 91 18:46:34 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 81

> from: umix.cc.umich.edu!apollo-request
> subj: re: Apollo problem list / tirade...
> date: Mon, 25 Feb 91 13:09:02 -0700
> sender: davidy@hwcae.cfsat.honeywell.com (David Young)
> to: apollo@umix.cc.umich.edu davidy@hwcae.cfsat.honeywell.com
> sent: 02/25/1991 5:43 pm (CST)
> sender: pan!daemon
> -------
>
> Subject: Re: Apollo problem list / tirade...
> Newsgroups: comp.sys.apollo
> Summary: There is a template file!
> References: <9102222205.AA08742@pan.ssec.honeywell.com>
>
> >> Problem List:
> >> (inprot)
>
> But there is a template file! Read the release notes:
>
> 2.5.3 New Template File for ACLs
>
> We have included a "canned" template file that you can use with the
> inprot (install protections) tool to change open Domain/OS ACLs to
> closed. The file is located in:
>
> /install/templates/apollo/os.v.10.2/ip.closed_sysv
>
> The inprot tool is located in:
>
> /install/tools/inprot
>
> For more information about inprot, see Installing Software with
> Apollo's Release and Installation Tools (008860-A02).
>
> The template file *also* comes with the SR10.3 RAI tapes. At least it's a start!

You're right! I must have missed that in the notes. It appears that other
people have also, since you're the first person (including HP/Apollo) who's
mentioned it.

Now that I've given credit for their having done _something_, let's complain.

1) Where are other templates? There's only *1* template file, which is sys5
   closed. What about bsd4.3 and/or Aegis? (I will grant, there's a lot of
   Aegis and bsd entries in the template. Does that mean that it's really a
   'large' inprot template file?)

2) What I would have _LIKED_ to see would have been something similar to what
   I ended up writing. They have a template with 9083 object entries (not
   counting initial ACLs). I have a hard time following/using this. It seems
   better (IMHO) to have a single entry that covers an entire subtree. For
   instance,

       F /com/... P root pwrx G staff wrx O none j W % rx

   sets up protections on every file in '/com'. Probably, there will be some
   entries that you want to have different prots on. You can then (right
   afterward) go and have another entry for those (few) objects. Net result
   should be MANY fewer entries.

3) This is a closed, secure, acl template!!!???!!!???

   - /bsd4.3/usr/lib/ex3.7preserve is setuid root. This shouldn't be bad, but
     is there a need for it? It's run by /etc/rc. That's already root. Why
     invite the _possibility_ of a hole?

   - /etc/find_orphans is setuid root. As above -- WHY?

   - /etc/lprotect is setuid root and _world_ executable. WHY??? The program
     does not seem to check anything before changing the remote-root access.
     This is not a security hole, but it's certainly a nuisance!

   - LOTS of other setuid entries are around. They appear to be ones which
     aren't harmful, but I'm not sure. Again, I'd _LIKE_ to see an explanation
     for why certain programs (or sets of programs) need to be setuid.

   - I think that I've found a probable error caused by a set of setuid's and
     likely behaviors. (Enuff said -- I won't utter more).

-- jt
--
John Thompson
Honeywell, SSEC
Plymouth, MN 55441
thompson@pan.ssec.honeywell.com
Me? Represent Honeywell? You've GOT to be kidding!!!
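Point 3 of the post is a manual audit of a protection template for setuid-root programs and, worse, setuid-root programs that are world-executable. The following is an added example, not code from the post, from HP/Apollo, or from the inprot tool: a small Python audit that walks a directory tree (generic POSIX stat, not Domain/OS ACLs) and reports every setuid-root regular file together with how widely it is executable. The sample records embed the three paths the post names; their mode bits and owner uids are constructed for the example, not taken from the template.

```python
"""Audit stat records for setuid-root executables (added example, not from the post)."""
import os
import stat
from dataclasses import dataclass
from typing import Iterable, Iterator, List


@dataclass(frozen=True)
class FileRecord:
    """One file as seen by stat(2): path, st_mode bits, owner uid."""
    path: str
    mode: int
    uid: int


@dataclass(frozen=True)
class Finding:
    """A setuid-root file and how widely it can be executed."""
    path: str
    world_executable: bool
    group_executable: bool


def walk_tree(root: str) -> Iterator[FileRecord]:
    """Yield a FileRecord for every regular file under root.

    lstat is used so symlinks are reported as links, never followed.
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the audit
            if stat.S_ISREG(st.st_mode):
                yield FileRecord(full, st.st_mode, st.st_uid)


def audit_setuid_root(records: Iterable[FileRecord]) -> List[Finding]:
    """Return one Finding per setuid file owned by uid 0, sorted by path.

    Setuid files owned by other users and plain root-owned files are ignored;
    the point is privilege escalation to root, as in the post's complaint.
    """
    findings = []
    for rec in records:
        if not (rec.mode & stat.S_ISUID) or rec.uid != 0:
            continue
        findings.append(Finding(
            path=rec.path,
            world_executable=bool(rec.mode & stat.S_IXOTH),
            group_executable=bool(rec.mode & stat.S_IXGRP),
        ))
    return sorted(findings, key=lambda f: f.path)


def format_report(findings: List[Finding]) -> List[str]:
    """One human-readable line per finding, most exposed case stated first."""
    lines = []
    for f in findings:
        if f.world_executable:
            exposure = "world-executable"
        elif f.group_executable:
            exposure = "group-executable"
        else:
            exposure = "owner-only"
        lines.append(f"{f.path}: setuid root, {exposure}")
    return lines


# Constructed sample records: paths are the ones named in the post, the mode
# bits and uids are assumptions for the example (0o100000 = regular file,
# 0o4000 = setuid).
SAMPLE_RECORDS = [
    FileRecord("/etc/lprotect", 0o104755, 0),                  # setuid root, world-executable
    FileRecord("/etc/find_orphans", 0o104750, 0),              # setuid root, group-executable only
    FileRecord("/bsd4.3/usr/lib/ex3.7preserve", 0o104700, 0),  # setuid root, owner-only
    FileRecord("/com/ls", 0o100755, 0),                        # root-owned but not setuid
    FileRecord("/usr/local/bin/tool", 0o104755, 1000),         # setuid, but not to root
]

if __name__ == "__main__":
    # Run against the constructed records; swap in walk_tree("/") for a live audit.
    for line in format_report(audit_setuid_root(SAMPLE_RECORDS)):
        print(line)
```

On the constructed records the report lists the three setuid-root entries and flags /etc/lprotect as the world-executable one; the two non-root or non-setuid entries are dropped. Against a real tree, each reported line is a candidate for the "why does this need setuid?" question the post asks, with the world-executable ones first in line for review.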