Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site duke.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!harvard!talcott!panda!genrad!decvax!mcnc!duke!rrt
From: rrt@duke.UUCP (Russell R. Tuck)
Newsgroups: net.micro.att
Subject: Re: pc7300 security
Message-ID: <6047@duke.UUCP>
Date: Thu, 1-Aug-85 17:06:14 EDT
Article-I.D.: duke.6047
Posted: Thu Aug  1 17:06:14 1985
Date-Received: Sun, 4-Aug-85 04:46:20 EDT
References: <141@gwsd.UUCP>
Reply-To: rrt@duke.UUCP (Russell R. Tuck)
Organization: Duke University
Lines: 19

In article <141@gwsd.UUCP> revc@gwsd.UUCP (Bob Van Cleef) writes:
>There appears to be a lack of concern about security in the current
>implementation of the pc7300 User Agent.
...
>...............  If you are concerned about the destructive
>effects of a non-expert user that likes to "try things" then you
>must not allow them access to the User Agent at all!
>
>Comments?

You can take away many of the User Agent's powers (and some features, too),
by changing permissions on the file /usr/lib/ua/uasetx so that it is NOT
set user id (SETUID bit turned off).  The system is distributed with this
bit turned on.  The UA apparently uses this program to give itself root
privileges.

	Russ Tuck
	Duke University Computer Science Department
	{ihnp4,decvax}!duke!rrt