Xref: utzoo comp.unix.programmer:1305 alt.sources.d:1607 Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!natinst!sequoia!rpp386!jfh From: jfh@rpp386.cactus.org (John F Haugh II) Newsgroups: comp.unix.programmer,alt.sources.d Subject: Re: -x implementations Message-ID: <19103@rpp386.cactus.org> Date: 13 Mar 91 13:30:22 GMT References: <1991Mar08.194702.5369@kithrup.COM> <19101@rpp386.cactus.org> <1991Mar13.042033.12450@convex.com> Reply-To: jfh@rpp386.cactus.org (John F Haugh II) Organization: Lone Star Cafe and BBS Service Lines: 41 X-Clever-Slogan: Recycle or Die. In article <1991Mar13.042033.12450@convex.com> tchrist@convex.COM (Tom Christiansen) writes: >I maintain that both "auth" and "sysadmin" give you indirect >root privileges. With auth, you can create accounts or modify >existing ones. With sysadmin, you can mount arbitrary things >at arbitrary points, do dumps and restores etc. I'm sure you >see how both of these quickly allow you to do anything you want. >Secureware has only replaced one all-powerful account with >several all-minus-one-powerful accounts, and anyone with >6 months experience at UNIX knows how to add that one back in. No, I actually =don't= see how an understanding of =normal= UNIX implies that you can do anything in particular to an =abnormal= version of UNIX. Consider, just as an example, that I could implement the "mount" system call in such a way that any privileged commands on that volume wouldn't be treated as privileged until a privileged system utility had verified that the volume was in an acceptable state. So "sysadmin" lets you mount some disk - big deal. Perhaps "sysadmin" also lets you crash the machine by unmounting critical volumes or over-mounting others. A quick look at the audit logs will reveal what happened. And yes, if you can create privileged accounts (via "auth") then you can do anything you want - which is the purpose of a privileged account. True, but not very interesting since the goal is then to become "auth". If "sysadmin" somehow lets you become "auth", then you might have something there. If all "sysadmin" lets you do is make "sysadmin"-like mistakes on purpose, again, not very interesting. SecureWare, not being a formally evaluated product, probably has =many= little holes, and if this is one of them, point out how I can become "auth" with just access to "sysadmin" and then we can sit back and have a good laugh at SecureWare. -- John F. Haugh II | Distribution to | UUCP: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org "I've never written a device driver, but I have written a device driver manual" -- Robert Hartman, IDE Corp.