Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 11/03/84 (WLS Mods); site astrovax.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!astrovax!richmon
From: richmon@astrovax.UUCP (Michael Richmond)
Newsgroups: net.micro.att
Subject: Sa package posted to net.sources and at security hole
Message-ID: <638@astrovax.UUCP>
Date: Thu, 29-Aug-85 09:01:21 EDT
Article-I.D.: astrovax.638
Posted: Thu Aug 29 09:01:21 1985
Date-Received: Sat, 31-Aug-85 07:31:29 EDT
Distribution: net
Organization: Princeton Univ. Astrophysics
Lines: 24

The accounting package I advertised a while back has been posted to
net.sources. Have fun with it, and let me know if I screwed up again.

There is a security problem with the at command I posted earlier:
because the atrun program gets the uid and gid it should set things to
from the file in /usr/spool/at, a user can use 'chown' to make a file
he submitted be owned by anyone (i.e. root) and so executed with that
uid! Obviously, this is not desirable if there are any untrustworthy
types who would be using the system.

One fix is to make the directory /usr/spool/at unwritable, so that
people can't change files once they are submitted, but this is annoying
if you discover that you already did a long job and want to stop the
one you just submitted. I am working on a version that will check the
integrity of each command file in /usr/spool/at via a private little
file with some stuff in it BEFORE running anything, but it strikes me
to be a hack. Still, I'll repost the whole thing when I'm done.

The real problem is System V's 'chown' command (so those systems
without it, ignore all this); can anyone think of some cleaner way?

-- 
Michael Richmond
Princeton University, Astrophysics
{allegra,akgua,burl,cbosgd,decvax,ihnp4,noao,princeton,vax135}!astrovax!richmon
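
One way the "private little file" check described in the post could look, as an added example that is not the poster's code: the runner takes the uid and gid from a record made at submission time and refuses any spool file whose current owner no longer matches it. The ledger format, the function names and the paths passed in are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Assumed ledger format: one "jobname uid gid" line per job, appended at
 * submission time to a file that only the at system itself can write. */
static int ledger_lookup(const char *ledger, const char *job,
                         unsigned long *uid, unsigned long *gid)
{
    char name[256];
    unsigned long u, g;
    int found = 0;
    FILE *fp = fopen(ledger, "r");

    if (fp == NULL)
        return 0;
    while (!found && fscanf(fp, "%255s %lu %lu", name, &u, &g) == 3) {
        if (strcmp(name, job) == 0) {
            *uid = u;
            *gid = g;
            found = 1;
        }
    }
    fclose(fp);
    return found;
}

/* Returns 1 only if the spool file is still owned by the recorded submitter.
 * On success *uid and *gid hold the recorded ids; those, not the file's
 * current owner, are what the runner should switch to before executing. */
int job_is_trustworthy(const char *spooldir, const char *job,
                       const char *ledger, unsigned long *uid, unsigned long *gid)
{
    char path[1024];
    struct stat st;

    if (strchr(job, '/') != NULL || !ledger_lookup(ledger, job, uid, gid))
        return 0;                       /* odd name, or never recorded */
    snprintf(path, sizeof path, "%s/%s", spooldir, job);
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;                       /* missing, or not a plain file */
    if ((unsigned long)st.st_uid != *uid || (unsigned long)st.st_gid != *gid)
        return 0;                       /* ownership changed after submission */
    return 1;
}
```

Because the ids come from the ledger rather than from the spool file, users can keep write access to the spool directory to remove their own jobs, and a changed owner only gets the job refused.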