Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site cuae2.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!cuae2!heiby
From: heiby@cuae2.UUCP (Ron Heiby)
Newsgroups: net.micro.att
Subject: Re: S-bit set on UnixPC mv
Message-ID: <397@cuae2.UUCP>
Date: Wed, 31-Jul-85 12:16:41 EDT
Article-I.D.: cuae2.397
Posted: Wed Jul 31 12:16:41 1985
Date-Received: Fri, 2-Aug-85 00:23:44 EDT
References: <1284@cwruecmp.UUCP>
Reply-To: heiby@cuae2.UUCP (-Ron Heiby)
Organization: AT&T-IS, /app/eng, Lisle, IL
Lines: 22

In article <1284@cwruecmp.UUCP> rob@cwruecmp.UUCP (rob robertson) writes:
>
>A friend of mine noticed this, but the way at&t ships the Unix Pc software,
>the set uid bit on /bin/mv is set, and it is owned by root. He seems to
>think that this is a "back door" for the telephone support people, but it's
>a giant security breach, especially to those people at&t is trying to market
>to, business people who know little or nothing about Unix.

I can't explain why /bin/mv is suid to root. I don't know why it should be necessary. But, I did try to use it to move something in a directory to which I didn't have write access and it refused, saying that I didn't have write access to the directory.

There is another situation that allows the /etc/passwd forgery, though. That is the permissions on the /etc directory. They are 777. The root directory permissions on my system are also 777. This has been reported and will likely be fixed in the next release. In the mean time, it would be a good idea to take a look at various critical directories and make sure that they are protected.
--
Ron Heiby heiby@cuae2.UUCP (via ihnp4)
AT&T-IS, /app/eng, Lisle, IL (312) 810-6109
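
One way to carry out the directory check suggested in the post above, as an added example that is not part of the original article. It goes a little beyond the post by also listing setuid-root files such as the /bin/mv under discussion; the function names, the directory list in the usage comment, and the sticky-bit exemption (which reflects current systems) are assumptions.

```shell
#!/bin/sh
# Added example: audit the directories holding critical files.
# Write permission on a directory lets a user unlink or rename any entry in
# it, so a read-only file such as /etc/passwd can still be swapped out when
# /etc itself is mode 777.

# Print the path if it is a directory writable by "other" without the sticky
# bit (on current systems the sticky bit limits unlink/rename to the owner).
world_writable_dir() {
    find "$1" -prune -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Print setuid files owned by root that sit directly in directory $1.
suid_root_files() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        find "$f" -prune -type f -user root -perm -4000 -print 2>/dev/null
    done
    return 0
}

# Audit each directory given; return 1 if any is world-writable.
# Setuid-root files are listed for review against the expected set.
audit() {
    rc=0
    for d in "$@"; do
        if [ -n "$(world_writable_dir "$d")" ]; then
            echo "WORLD-WRITABLE: $d"
            rc=1
        fi
        suid_root_files "$d" | sed 's/^/SUID-ROOT: /'
    done
    return "$rc"
}

# Assumed usage: sh audit.sh / /etc /bin /usr/bin
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

A non-zero exit status means at least one audited directory is world-writable; the SUID-ROOT lines are informational and need comparing against the set of setuid programs the system is expected to ship.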