Xref: utzoo comp.unix.programmer:1358 alt.sources.d:1635
Path: utzoo!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!natinst!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.programmer,alt.sources.d
Subject: Re: -x implementations
Message-ID: <19112@rpp386.cactus.org>
Date: 18 Mar 91 13:08:31 GMT
References: <668288533.3106@mindcraft.com> <1991Mar07.091123.13033@kithrup.COM> <1991Mar08.194702.5369@kithrup.COM> <19101@rpp386.cactus.org>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cafe and BBS Service
Lines: 34
X-Clever-Slogan: Recycle or Die.

In article peter@ficc.ferranti.com (Peter da Silva) writes:
>Maybe, maybe not, but at least I'm paying attention. John, "auth" is a
>*group*. Not a user. Anyone in group "auth" is effectively root. Sean
>has admitted as much.

It was a generic statement, Peter. Just because you have access does not
mean twiddling some bit works. And yes, in this specific case, giving
someone access to the user files by putting them in the group which is
permitted to modify user accounts would seem to let them modify user
accounts, no?

There are a number of BSD programs which act differently for group "wheel"
than "staff" or whatever - and yes, you could probably even go from group
"wheel" to UID 0 with a minimum of effort - but the solution is very, very
simple. Don't give the privileges away in the first place.

Back to SCO UNIX: judging from the complaints regarding the obscurity of the
SCO/SecureWare features, it appears that one collection of C2 criteria which
was violated with this system is the one involving system documentation.
If, for example, "auth" is some giant hole that shouldn't be opened up except
by the criminally insane, the "Trusted Facility Manual" should point out the
risks associated with group "auth" in a secure environment, and the test
documentation should outline how SCO and SecureWare tested the system to
locate these deficiencies or verify that the security policy was correctly
implemented. With a real C2 system we wouldn't be having this discussion
(unless the testing didn't catch some exceptional conditions), since it would
have been laid out in black and white in the documents the system came with.

It's kind of like the difference between Brand-X re-runs and Nick-At-Nite
brand re-runs ...
--
John F. Haugh II        | Distribution to      | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832 | GEnie PROHIBITED :-) | Domain: jfh@rpp386.cactus.org
"I've never written a device driver, but I have written a device driver manual"
                -- Robert Hartman, IDE Corp.
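The practical check behind "don't give the privileges away in the first place" is knowing who actually holds a root-equivalent group such as "wheel" or "auth". Membership comes from two places, the member list in /etc/group and the primary GID field in /etc/passwd, and ad-hoc audits usually look at only the first. The script below is an added example, not code from the post or from SCO/SecureWare; the passwd and group contents are constructed sample data, and the set of groups treated as privileged is an assumption for illustration.

```python
"""Audit effective membership of privileged Unix groups.

Added example, not from the original post or from any vendor's tooling.
It parses passwd(5)- and group(5)-style text and reports every account
that lands in a privileged group, whether through the member list in
/etc/group or through its primary GID in /etc/passwd.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample data for the example; not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/:/bin/sh
sean:x:100:50:Sean:/u/sean:/bin/csh
peter:x:101:100:Peter:/u/peter:/bin/sh
jfh:x:102:100:John:/u/jfh:/bin/sh
operator:x:5:50:Operator:/:/bin/sh
"""

SAMPLE_GROUP = """\
wheel:*:0:root,sean
auth:*:50:peter
staff:*:100:
users:*:101:jfh,sean
"""

# Assumption: these groups confer root-equivalent power on the audited host.
PRIVILEGED_GROUPS = {"wheel", "auth"}


def parse_passwd(text: str) -> Dict[str, Tuple[int, int]]:
    """Map user name -> (uid, primary gid); blank, comment and short lines are skipped."""
    users: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users


def parse_group(text: str) -> Dict[str, Tuple[int, Set[str]]]:
    """Map group name -> (gid, set of listed supplementary members)."""
    groups: Dict[str, Tuple[int, Set[str]]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            continue
        members = {m.strip() for m in fields[3].split(",") if m.strip()}
        groups[fields[0]] = (int(fields[2]), members)
    return groups


def effective_members(users: Dict[str, Tuple[int, int]],
                      groups: Dict[str, Tuple[int, Set[str]]],
                      privileged: Set[str]) -> Dict[str, Dict[str, List[str]]]:
    """For each privileged group, map every holder to the reasons it holds the group."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for gname in sorted(privileged):
        if gname not in groups:
            continue  # group not defined on this host; nothing to hold
        gid, listed = groups[gname]
        holders: Dict[str, List[str]] = {}
        for user in sorted(listed):
            holders.setdefault(user, []).append("listed in /etc/group")
        # The primary-GID path: no entry in /etc/group is needed at all.
        for user, (_uid, pgid) in users.items():
            if pgid == gid:
                holders.setdefault(user, []).append(
                    "primary gid %d in /etc/passwd" % gid)
        report[gname] = holders
    return report


def unexpected_holders(report: Dict[str, Dict[str, List[str]]],
                       allowed: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Accounts holding each privileged group beyond an explicit allow-list."""
    return {g: sorted(set(h) - allowed.get(g, set())) for g, h in report.items()}


if __name__ == "__main__":
    rep = effective_members(parse_passwd(SAMPLE_PASSWD),
                            parse_group(SAMPLE_GROUP), PRIVILEGED_GROUPS)
    for gname, holders in rep.items():
        for user, reasons in sorted(holders.items()):
            print("%-6s %-9s %s" % (gname, user, "; ".join(reasons)))
    print("unexpected:", unexpected_holders(rep, {"wheel": {"root"}}))
```

On the sample data "auth" is held by three accounts although only one is listed in /etc/group: "sean" and "operator" get it through their primary GID. That is the kind of fact a Trusted Facility Manual, or a routine audit, should make visible before anyone is added to the group.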