Newsgroups: comp.os.minix
Path: utzoo!utgpu!cunews!dfs
From: dfs@doe.carleton.ca (David F. Skoll)
Subject: Re: MINIX Security
Message-ID: <dfs.669317926@scotty>
Sender: news@ccs.carleton.ca (news)
Organization: Carleton University, Ottawa, Canada
References: <47976@nigel.ee.udel.edu>
Date: 18 Mar 91 17:38:46 GMT

In <47976@nigel.ee.udel.edu> u27602@uy.ncsa.uiuc.edu (Jeffrey C. Ollie) writes:

>The book _Unix System Anministration_ by Evi Nemeth contains a short
>program called SUDO (SuperUser DO) that allows normal users to perform
>operations that normally only the root would be able to do.  Basically,
>it is a program that runs setuid root.

But don't you have to have root privileges to create a setuid-root file
in the first place?

In principle, MINIX security should be easy to break.  I've only had
my system for a couple of days, and have just glanced at the code, but
it seems that since the hardware (my PC-XT) does not have memory protection,
it should be possible to write an assembler program which hunts around for
the kernel's process table, figures out what's where, and manually changes
its uid to 0.  Practically, this might be quite messy.

--
David F. Skoll

Disclaimer: Don't try this at home, kids!