Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!rex!ukma!aunro!edm!geoff
From: geoff@edm.uucp (Geoff Coleman)
Newsgroups: comp.unix.aix
Subject: Re: Where does getty get its information?
Message-ID: <1991Apr11.222123.36169@edm.uucp>
Date: 11 Apr 91 22:21:23 GMT
References: <6411@awdprime.UUCP> <1991Apr08.154742.19459@edm.uucp> <6533@awdprime.UUCP>
Organization: Unexsys Systems Inc
Lines: 31

In article <6533@awdprime.UUCP> jfh@greenber.austin.ibm.com (John F Haugh II) writes:
>In article <1991Apr08.154742.19459@edm.uucp> geoff@edm.uucp (Geoff Coleman) writes:
>> There is an APAR in for this problem and I believe a fix is also
>>now available which will allow permissions for ports to stay at 0666.
>>
>> For the last time SUID is not a fix!!!!!!!!!!!!!!!!
>
>
>Accessibility and security are opposites. Serial ports should be secure
>since they are the mechanism used to gain access to the system. That
>means that changes which make them more accessible generally will make
>the system less "secure".
>--

I guess I should have made myself clearer by saying SUID to root is not a fix. To tell someone to set kermit to suid is asking for trouble. Kermit can and will escape to shells etc.

What I've been asking for is to allow someone other than root to own the ports but not just anybody. If I could have uucp own my bi-directional ports with permission 0660 and owned by uucp I would be happy. I can do this on SYS V r3, why not in AIX?

In conclusion neither suid to root nor 0666 permissions on a port is an acceptable fix.

Geoff Coleman
Unexsys Systems

>John F. Haugh II | I've Been Moved | MaBellNet: (512) 838-4340
>SneakerNet: 809/1D064 | AGAIN ! | VNET: LCCB386 at AUSVMQ
>BangNet: ..!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)