Xref: utzoo comp.unix.admin:1567 comp.unix.wizards:24801 comp.unix.internals:2522
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!elroy.jpl.nasa.gov!usc!rpi!batcomputer!cornell!uw-beaver!zephyr.ens.tek.com!tektronix!reed!bob
From: bob@reed.UUCP (Bob Ankeney)
Newsgroups: comp.unix.admin,comp.unix.wizards,comp.unix.internals
Subject: SECURITY Concerns for Unix systems
Message-ID: <16313@reed.UUCP>
Date: 10 Apr 91 15:44:27 GMT
Organization: Reed College, Portland OR
Lines: 16


     A recently posted program brings up a common security problem with Unix
systems - that of read permissions on disk devices in /dev.  The posted program
allows files to be read from any filesystem with read permission to the user.
The filesystem need not be mounted.  Now might be a good time to check
permissions on your system!
     Speaking of permissions, I've noticed a number of Unix systems with mode
777 on the root directory!  This is an easy in for anyone wanting super-user
access.  I've noticed this on both AT&T and NCR unix boxes.


----------------------------------------------------------------------
Bob Ankeney                    | "Yield and overcome.                |
...!tektronix!reed!bob         |  Bend and be straight.              |
...!tektronix!bob@reed.BITNET  |  Empty and be full."    - Lao Tzu   |
----------------------------------------------------------------------