Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!qt.cs.utexas.edu!yale.edu!think.com!spool.mu.edu!caen!zaphod.mps.ohio-state.edu!menudo.uh.edu!buster!chemsh!chemsh.uucp!dla
From: dla@chemsh.uucp (Doug Acker)
Newsgroups: comp.sys.apollo
Subject: edrgy Secuity Hole
Message-ID: <1991Jun27.165533.6066@chemsh.uucp>
Date: 27 Jun 91 16:55:33 GMT
Sender: root@chemsh.uucp
Reply-To: dla@chemsh.uucp (Doug Acker)
Organization: ChemShare
Lines: 16

I was doing some testing with edrgy and found that even in
closed systems, it comes with a 755 protection.  Which means
anyone can run it.  

Any user can log in, run edrgy, change the root password and
be on his merry way.  I quickly changed all ours to 700.

-- 


Douglas L. Acker

ChemShare Corporation
DesignMaster Division

dla@chemsh.UUCP       713-267-5602