Xref: utzoo comp.unix.admin:1578 comp.unix.wizards:24819 comp.unix.internals:2527
Newsgroups: comp.unix.admin,comp.unix.wizards,comp.unix.internals
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!casbah.acns.nwu.edu!navarra
From: navarra@casbah.acns.nwu.edu (John 'tms' Navarra)
Subject: Re: SECURITY Concerns for Unix systems
Message-ID: <1991Apr12.071620.23044@casbah.acns.nwu.edu>
Organization: Northwestern University
References: <16313@reed.UUCP> <2952@kirk.nmg.bu.oz.au>
Date: Fri, 12 Apr 1991 07:16:20 GMT
Lines: 35

In article <2952@kirk.nmg.bu.oz.au> bambi@kirk.nmg.bu.oz.au (David J. Hughes) writes:
>From article <16313@reed.UUCP>, by bob@reed.UUCP (Bob Ankeney):
>> Speaking of permissions, I've noticed a number of Unix systems with mode
>> 777 on the root directory!  This is an easy in for anyone wanting super-user
>> access.  I've noticed this on both AT&T and NCR unix boxes.
>
>I have also seen this on Suns running pre 4.x SunOS.  There may be a
>Sun in a back room somewhere that is a host for anyone wanting root
>access.

  SUN!!!!!! They ship their Unix with /etc/hosts.equiv with a + !! making
  it possible for ALL machines to have root privs on the thing!!! Now how hard
  is it to take that out? Sounds pretty damn stupid to me. Not to mention all
  the other security holes they leave in -- and don't tell you about!

>
>
>David
>+----------------------------------------------------------------------------+
>| David J. Hughes (AKA bambi)    | bambi@kirk.bu.oz.au                       |
>| Senior Systems Programmer      | bambi@kirk.bu.oz.au@uunet.uu.net          |
>| Comms Development & Operations | ..!uunet!munnari!kirk.bu.oz.au!bambi      |
>| Bond University, Gold Coast    | Phone : +61 75 951450                     |
>| Queensland, Australia 4229     | Fax   : +61 75 951456                     |
>+----------------------------------------------------------------------------+

-- 
From the Lab of the MaD ScIenTiST:

navarra@casbah.acns.nwu.edu
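
An added example, not part of the original posts: a POSIX sh audit for the two misconfigurations raised in this thread, a world-writable root directory and a bare + in /etc/hosts.equiv. The function names are this example's own; the paths default to / and /etc/hosts.equiv and can be overridden to check a mounted image or a copy of the file.

```shell
#!/bin/sh
# Added audit example (function names are hypothetical, not from any vendor tool).

# Print DIR if "other" has write permission on it (mode 777 matches).
# -prune keeps find from descending below DIR itself.
world_writable_dir() {
    find "$1" -prune -type d -perm -0002 -print
}

# Print "N: text" for each line whose host or user field is a bare "+".
# "+@netgroup" entries are netgroup references and are not reported.
# Conservative choice: no comment stripping, so a "+" field on any line is reported.
equiv_wildcards() {
    [ -r "$1" ] || return 0          # no file means no trust entries
    awk '$1 == "+" || $2 == "+" { printf "%d: %s\n", NR, $0 }' "$1"
}

# audit [ROOT] [EQUIV]: print findings; return 1 if either check fails.
audit() {
    root=${1:-/}
    equiv=${2:-/etc/hosts.equiv}
    rc=0
    if [ -n "$(world_writable_dir "$root")" ]; then
        echo "FAIL: $root is world-writable; remove it with: chmod o-w $root"
        rc=1
    fi
    hits=$(equiv_wildcards "$equiv")
    if [ -n "$hits" ]; then
        echo "FAIL: $equiv contains wildcard trust entries:"
        echo "$hits" | sed 's/^/  line /'
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $root and $equiv pass both checks"
    return "$rc"
}
```

Source the file and run `audit` with no arguments to check the live system; the non-zero return on a finding makes it usable from cron or a configuration-management check.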