Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!caen!ox.com!yale!cs.yale.edu!yarvin-norman
From: yarvin-norman@cs.yale.edu (Norman Yarvin)
Newsgroups: comp.sys.3b1
Subject: Re: 3b1 security and removal of ua
Message-ID: <29990@cs.yale.edu>
Date: 12 Apr 91 01:22:36 GMT
References: <375@unx-pc.UUCP> <927@jonlab.UUCP> <584@iczer-1.UUCP>
Sender: news@cs.yale.edu
Lines: 10
Nntp-Posting-Host: turquoise.systemsx.cs.yale.edu
Originator: yarvin@turquoise.CS.Yale.Edu

>You might be able to close this hole by securing(sp?) /dev/error,

The security hole is caused by smgr, which reads /dev/error and puts up the
icon.  It can't be closed by not running smgr as root, since smgr needs to
run as root to perform the functions of cron.  It can be closed by not
running smgr, and instead running Mike Ditto's 'errdemon', which reads
/dev/error and writes entries to a log file.

--
Norman Yarvin					yarvin-norman@cs.yale.edu