Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!princeton!jonlab!jon
From: jon@jonlab.UUCP (Jon H. LaBadie)
Newsgroups: comp.sys.3b1
Subject: Re: 3b1 security and removal of ua
Summary: I've never seen this mentioned
Keywords: ua security
Message-ID: <927@jonlab.UUCP>
Date: 8 Apr 91 13:27:37 GMT
References: <375@unx-pc.UUCP>
Organization: 4455 Province Line Rd., Princeton, NJ 08540
Lines: 28


The recent discussion of security on the 3B1 (is that an oxymoron?)
caused me to recall that I've never seen this particular hole posted.

There is a function in the TAM library, eprintf(3T), that is used to
print error messages.  It is how the ! and !! icons get on the first
line of your screen.  Also, the calendar icon if you are using the
pcal program.

I believe eprintf writes to /dev/error, which is read by smgr.

It all seems pretty innocuous, display an icon, print a message when
a user clicks on the icon.  No danger there.

EXCEPT, one of the arguments to eprintf(3T) is what to do when the
user clicks on the icon.  And one of the possibilities is ST_EXEC;
execute a program!!!

Guess which user id, and in which directory the program is executed;

You security hounds are right: by root and in the root directory.

So, essentially, anyone with access to your C compiler has access to
your entire machine!

Sleep comfortably last night?

Jon