Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!convex!swarren
From: swarren@convex.com (Steve Warren)
Newsgroups: comp.unix.amiga
Subject: Re: interesting feature on AMIX..
Keywords: unix security, amix security, setuid
Message-ID: <1991Jun24.173951.17552@convex.com>
Date: 24 Jun 91 17:39:51 GMT
References: <431@hfsi.UUCP> <1991Jun24.005213.944@convex.com> <432@hfsi.UUCP>
Sender: usenet@convex.com (news access account)
Organization: CONVEX Computer Corporation, Richardson, Tx., USA
Lines: 21
Nntp-Posting-Host: neptune.convex.com

In article <432@hfsi.UUCP> emcphers@manu.cs.vt.edu (Frank McPherson) writes:
>In article <1991Jun24.005213.944@convex.com> swarren@convex.com (Steve Warren) writes:
                               [...]
>>How about writing a daemon that runs quietly and secretly copies every floppy
>>that students mount, to the harddrive?  I think that this represents an
>>overwhelming reason to want root access to a small portion of students at any
>>university.  That is one reason why those protections are there.
>
>Normally, it isn't possible for the student to store things on the hard
>drives of the machines in question.
                               [...]
But then we're not talking about "normally," are we?  We are discussing
a security hole that allows anyone with one semester of OS knowledge to
become root on all of these machines (the ones with your custom floppy
filesystem hack on them).  Once you become root, forget about restrictions
of where you can store files.  There are none.  Root is the boss.
--
            _.
--Steve   ._||__
  Warren   v\ *|
             V