Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/3/84; site enmasse.UUCP
Path: utzoo!watmath!clyde!bonnie!akgua!mcnc!decvax!wanginst!ucadmus!harvard!talcott!panda!enmasse!mike
From: mike@enmasse.UUCP (Mike Schloss)
Newsgroups: net.unix-wizards
Subject: Re: Re: Re: Findsuid source (Re: Security an
Message-ID: <332@enmasse.UUCP>
Date: Fri, 1-Feb-85 20:04:54 EST
Article-I.D.: enmasse.332
Posted: Fri Feb 1 20:04:54 1985
Date-Received: Mon, 4-Feb-85 05:24:11 EST
References: <327@lsuc.UUCP> <6200045@uokvax.UUCP>
Organization: Enmasse Computer Corp., Acton, Mass.
Lines: 16

> Another problem with having a find-suid-programs program that runs based
> on crontab entries is that anyone can see when the find-suid-programs
> program is going to run next, and make their moves on that basis.
>
> kurt

But what are they going to do about it? I suppose that if they knew the
order in which file systems were traversed they might be able to move their
program to a safe area and back again when all clear, but this seems a little
drastic. Easier to just modify an existing suid-root program (like su) to
grant a specific user or password root access.

CACM had an interesting article on this stuff a while back... It amounted
to this: once root has been compromised just once, the whole system is
suspect unless everything is rebuilt from scratch, from the distribution tape.
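
Added example, not part of the original post: the reply's point that altering an existing suid-root program is easier than hiding a new one means a scan has to compare file contents against a known-good record, not just list setuid files. The sketch below assumes a baseline snapshot taken from a trusted state; the function names and sample paths are illustrative.

```python
import hashlib
import os
import stat

SUID_BITS = stat.S_ISUID | stat.S_ISGID


def snapshot(root):
    """Map each setuid/setgid regular file under root to (mode, uid, sha256)."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished mid-scan
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & SUID_BITS:
                continue
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = None  # unreadable: still recorded, never skipped
            found[path] = (stat.S_IMODE(st.st_mode), st.st_uid, digest)
    return found


def compare(baseline, current):
    """Return sorted (kind, path) findings between two snapshots."""
    findings = []
    for path, entry in current.items():
        if path not in baseline:
            findings.append(("new", path))
        elif entry[2] != baseline[path][2]:
            findings.append(("content-changed", path))
        elif entry[:2] != baseline[path][:2]:
            findings.append(("mode-or-owner-changed", path))
    findings.extend(("missing", p) for p in baseline if p not in current)
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample data: digests are placeholders, not real binaries.
    baseline = {"/bin/su": (0o4755, 0, "aa" * 32),
                "/bin/passwd": (0o4755, 0, "bb" * 32)}
    current = {"/bin/su": (0o4755, 0, "cc" * 32),
               "/bin/passwd": (0o4755, 0, "bb" * 32),
               "/usr/local/bin/helper": (0o4755, 0, "dd" * 32)}
    for kind, path in compare(baseline, current):
        print(kind, path)
```

A list-only scan would flag just the new file here; the altered `su` shows up only because its digest is compared. As the post's last paragraph implies, the result is only as trustworthy as the baseline and the machine running the comparison.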