Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!usc!jarthur!nntp-server.caltech.edu!andy
From: andy@cs.caltech.edu (Andy Fyfe)
Newsgroups: comp.sys.3b1
Subject: Re: COPS security audit and the unix pc. (and kermit)
Message-ID: <1991Mar27.024722.2202@nntp-server.caltech.edu>
Date: 27 Mar 91 02:47:22 GMT
References: <1991Mar23.004007.2024@shibaya.lonestar.org> <1991Mar26.225255.6048@ferret.ocunix.on.ca>
Sender: news@nntp-server.caltech.edu
Organization: California Institute of Technology
Lines: 19

In article <1991Mar26.225255.6048@ferret.ocunix.on.ca> clewis@ferret.ocunix.on.ca (Chris Lewis) writes:
>In article <1991Mar23.004007.2024@shibaya.lonestar.org> afc@shibaya.lonestar.org (Augustine Cano) writes:
>>One directory that CANNOT be treated in this manner is /usr/spool/uucp.
>>I tried it and kermit couldn't then set or clear locks.
>>This one has to be ignored; as I said above certain programs might not be
>>able to access locks if this is changed.
>
>The real solution is to fix Kermit. Or use HDB (where the lock directory
>can be made world writable but not everything else)

Recent versions of kermit can be made setuid. On my system, kermit is
setuid uucp, and /usr/spool/uucp is owned by uucp. Kermit has no trouble
making and removing locks. It is also quite paranoid about permissions,
so it's fairly safe as far as setuid programs go.

The current version, 5A(166), is available on csvax.cs.caltech.edu in
the directory pub/3b1 (for those who have anonymous ftp). A
possibly-not-quite-so-up-to-date version is available in the OSU
archives (as kermit2).

Andy Fyfe
andy@cs.caltech.edu
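
The arrangement described in the post above (a setuid uucp kermit, with /usr/spool/uucp owned by uucp rather than world-writable) can be audited with a short script. This is an added example, not part of the original post or of COPS or kermit; the function names `ls_field` and `check_lock_setup` are hypothetical, and the kermit path is supplied by the caller because the post does not give one.

```shell
#!/bin/sh
# Added example, not from the original post: audit the layout it describes.
# All three arguments are caller-supplied; nothing here is kermit-specific.

# field N of `ls -ld PATH` (1 = mode string, 3 = owner); empty if missing
ls_field() {
    ls -ld "$1" 2>/dev/null | awk -v n="$2" '{print $n}'
}

# check_lock_setup BINARY LOCKDIR OWNER
# Prints one line per finding and returns non-zero if there is any.
check_lock_setup() {
    bin=$1; dir=$2; owner=$3; rc=0
    bmode=$(ls_field "$bin" 1); bown=$(ls_field "$bin" 3)
    dmode=$(ls_field "$dir" 1); down=$(ls_field "$dir" 3)

    # The binary must carry the setuid bit (s or S in the owner-execute slot)
    case $bmode in
        ???[sS]*) ;;
        *) echo "FAIL: $bin is not setuid"; rc=1 ;;
    esac
    # A setuid binary writable by group or other can be replaced by them
    case $bmode in
        ?????w*|????????w*) echo "FAIL: $bin is group/world-writable"; rc=1 ;;
    esac
    [ "$bown" = "$owner" ] || { echo "FAIL: $bin owner is '$bown', want $owner"; rc=1; }

    # The lock directory must exist, belong to the same owner,
    # and not be writable by everyone
    case $dmode in
        d*) ;;
        *) echo "FAIL: $dir is not a directory"; rc=1 ;;
    esac
    case $dmode in
        ????????w*) echo "FAIL: $dir is world-writable"; rc=1 ;;
    esac
    [ "$down" = "$owner" ] || { echo "FAIL: $dir owner is '$down', want $owner"; rc=1; }
    return $rc
}

# Stand-alone use: sh check.sh /path/to/kermit /usr/spool/uucp uucp
if [ $# -eq 3 ]; then
    check_lock_setup "$@"
fi
```

A world-writable lock directory and a non-setuid binary are reported as separate findings, so the output shows which half of the setup is missing.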