Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!wuarchive!udel!princeton!jonlab!jon
From: jon@jonlab.UUCP (Jon H. LaBadie)
Newsgroups: comp.sys.3b1
Subject: Re: 3b1 security and removal of ua
Summary: trojan horse possibilites expand the problem
Keywords: ua security
Message-ID: <929@jonlab.UUCP>
Date: 10 Apr 91 14:35:01 GMT
References: <375@unx-pc.UUCP> <927@jonlab.UUCP> <584@iczer-1.UUCP>
Organization: 4455 Province Line Rd., Princeton, NJ 08540
Lines: 35

In article <584@iczer-1.UUCP>, emm@iczer-1.UUCP (Edward M. Markowski) writes:
> In article <927@jonlab.UUCP> jon@jonlab.UUCP I, Jon H. LaBadie wrote:
> |Guess which user id, and in which directory the program is executed;
> |
> |You security hounds are right: by root and in the root directory.
> |
> |So, essentially, anyone with access to your C compiler has access to
> |your entire machine!

Ed replied:

> This is only a problem if the user also has access to the console.

Well, then again, I could schedule a trojan horse to run when YOU, who
does have access to the console clicks on the icon.  In fact, with one
of the other parameters to eprintf(3T), I can specify who sees the icon.

I think this widens the problem to anyone with access to the system.

> You might be able to close this hole by securing(sp?) /dev/error,
> I don't think joe user does really needs access to /dev/error.

You may be correct.  However, the designers of the safari 4 seemed to
expect that the device would be widely available.  Thus, mail and pcal
can get their icons up on the status line.  Other equally non-privledged
programs can also get messages there.

Break the chain, and you may enhance security, but you may also degrade
useability of the system.  Boy, isn't that the general trade-off?

Jon

-- 
Jon LaBadie
{att, princeton, bcr, attmail!auxnj}!jonlab!jon