Aucbvax.5296
net.2bsd-bugs
utzoo!decvax!ucbvax!purdue!cak
Tue Nov 24 01:08:32 1981
berknet security hole
We have recently finished putting berknet up between 6 machines
on campus (with plans to add many more), and have discovered
what we consider to be a gaping security hole, namely the -y
flag on the net command. Via this flag, a super-user can become
anyone on the remote machine, and grab any file he/she
wishes. Maybe this isn't a problem for you (though it would
surprise me if it was not), but a number of people here have
already grumbled about it. Can you explain why this has to
be there, and how it might be disabled?

We also found that anyone could execute sendberkmail directly
with the -f flag, thus masquerading at will as anyone. This
was fixed by adding the code from delivermail and/or v6mail
that did the checking to allow only root, network, and uucp
to invoke -f.

We have disabled all commands for root (except mwrite) to 
close the most obvious path for cross-machine super-users,
but the -y option is not so easy to close up. 

Chris Kent, Purdue University CS Dept.