Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!uunet!iczer-1!emm
From: emm@iczer-1.UUCP (Edward M. Markowski)
Newsgroups: comp.sys.3b1
Subject: Re: 3b1 security and removal of ua
Keywords: ua security
Message-ID: <584@iczer-1.UUCP>
Date: 9 Apr 91 02:22:11 GMT
References: <375@unx-pc.UUCP> <927@jonlab.UUCP>
Reply-To: emm@iczer-1.UUCP (Edward M. Markowski)
Organization: The Kurowulf Empire
Lines: 20

In article <927@jonlab.UUCP> jon@jonlab.UUCP (Jon H. LaBadie) writes:
|Guess which user id, and in which directory the program is executed;
|
|You security hounds are right: by root and in the root directory.
|
|So, essentially, anyone with access to your C compiler has access to
|your entire machine!

This is only a problem if the user also has access to the console.

You might be able to close this hole by securing(sp?) /dev/error,
I don't think joe user does really needs access to /dev/error.
-- 
-------------------------------------------------------------------------------
Edward M. Markowski -- iczer-1 Administrator

                                 ...the garage is flooded from the sprinkler.
VOICE : (201) 478-6052           It also left a man's decapitated body, lying
UUCP  : ..!uunet!iczer-1!emm     on the floor next to his own severed head.
 -or- : ..!tronsbox!iczer-1!emm  A head which at this time has no name.