Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!news.cs.indiana.edu!msi.umn.edu!noc.MR.NET!gacvx2.gac.edu!dan
From: dan@gacvx2.gac.edu
Newsgroups: comp.unix.admin
Subject: Re: Possible security problem, need information..
Message-ID: <1991Mar20.191246.168@gacvx2.gac.edu>
Date: 20 Mar 91 19:12:46 -0600
References: <1991Mar19.194216.5763@kithrup.COM> <873@optima.cs.arizona.edu>
Organization: Gustavus Adolphus College, St. Peter, Minnesota
Lines: 25

> The sticky bit is NOT (repeat NOT) implemented on all systems.  If the
> sticky bit is implemented CORRECTLY, then the worst I can do is create
> a file in /, and make it grow till "/" fills up.  This is good for a
> crash on some systems :-)
> 
> However, if the sticky bit is unimplemented, or is implemented half
> heartedly, then you can move files you own on top of files someone else
> owns (even though you may not be able to rm files owned by others).

The sticky bit works quite well on the system with the problem.  Even with the
protection set to 1777 the system was hard to break.  I had to use holes in
programs that were supplied by third parties to break into the system.  The
version of Emacs that I have and a communications program with a "rc" script
were to of the ways I found to break in.  Emacs didn't check the owner of
.emacsrc.  In both cases "root" had to be tricked into running the scripts.  I
still think that leaving the root set to 1777 is a bad idea, and I have been
given instructions by the vendor that will allow me to set the root set to 755. 
The vendor did a good job fixing the hole opened up by the protection, however
they cannot fix things they have no control over.

-- 
Dan Boehlke                    Internet:  dan@gac.edu
Campus Network Manager         BITNET:    dan@gacvax1.bitnet
Gustavus Adolphus College
St. Peter, MN 56082 USA        Phone:     (507)933-7596