Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!uakari.primate.wisc.edu!crdgw1!barnett From: barnett@grymoire.crd.ge.com (Bruce Barnett) Newsgroups: comp.unix.admin Subject: Re: Possible security problem, need information... Message-ID: Date: 21 Mar 91 20:39:03 GMT References: <1991Mar18.200957.166@gacvx2.gac.edu> <1832@svin02.info.win.tue.nl> <9385@star.cs.vu.nl> Sender: news@crdgw1.crd.ge.com Reply-To: barnett@crdgw1.ge.com Organization: GE Corp. R & D, Schenectady, NY Lines: 40 In-reply-to: henk@cs.vu.nl's message of 20 Mar 91 21:42:37 GMT In article <9385@star.cs.vu.nl> henk@cs.vu.nl (Henk Smit) writes: > How strange it seems, I can't see an obvious security > gap in "drwxrwxrwt" on /. I think the greatest danger is adding a new file to / that didn't exist before. Sure the .cshrc, .profile, and .login files might be there. But what about: .forward .emacs .rhosts .mailrc .kshrc .Xdefaults .suntools .logout .twmrc .history .sh_history .dbxinit .xinitrc .cm.rc .xrdb .rnmac .mailcf .textswrc .indent etc., etc., The problem is - how do you know which .mumble files have to be protected, and how do you know if you found them all. Some programs don't document the .mumble files they use, and some of these files might allow someone to break into a root account. I am not saying that every one of these files, if world writable, would allow someone to break intro a root account, but some definately could. I bet there are a dozen more I left out. Do you REALLY feel save because of a sticky bit? Not me. -- Bruce G. Barnett barnett@crd.ge.com uunet!crdgw1!barnett