Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!seismo!vrdxhq!bms-at!stuart
From: stuart@bms-at.UUCP
Newsgroups: comp.os.minix
Subject: Re: bug in su?? no fix
Message-ID: <373@bms-at.UUCP>
Date: Mon, 13-Apr-87 18:44:40 EST
Article-I.D.: bms-at.373
Posted: Mon Apr 13 18:44:40 1987
Date-Received: Wed, 15-Apr-87 03:29:42 EST
References: <5650004@wdl1.UUCP>
Organization: Business Management Systems, Inc., Fairfax, VA
Lines: 16
Summary: probably not a bug

In article <5650004@wdl1.UUCP>, kimery@wdl1.UUCP (Sam Kimery) writes:
> log in as a normal user. su to root. horse around for a while. try to
> logout. surprise! you drop back to the normal user, then you attempt
> to logout. You then become root again! Not quite what you had in mind.

The init program tries to find login on /usr/bin. If there is no
/usr/bin/login, init creates a super user shell. While "horsing around",
you probably unmounted /usr. (Or mounted the wrong filesystem on it.)

This is a serious security flaw as long as /etc/umount is unprotected as it
is in minix and /usr/bin is not on the root filesystem. But then, how
secure can it be anyway when you can change floppies?
--
Stuart D. Gathman <..!seismo!dgis!bms-at!stuart>
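
The fail-open fallback described in the post, next to a fail-closed variant, as an added example that is not part of the original post and is not MINIX's init source. The function names, the hardening rule and the constructed missing path are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Model of the decision described in the post; not MINIX's init source. */
enum action { RUN_LOGIN, ROOT_SHELL, REFUSE };

/* Fail-open, as the post describes: a missing login yields a root shell. */
enum action fail_open(const char *login_path)
{
    return access(login_path, X_OK) == 0 ? RUN_LOGIN : ROOT_SHELL;
}

/* 1 if path is a regular file on the same device as "/", so that
 * unmounting another filesystem cannot make it disappear. */
int on_root_fs(const char *path)
{
    struct stat root, st;
    if (stat("/", &root) != 0 || stat(path, &st) != 0)
        return 0;
    return S_ISREG(st.st_mode) && st.st_dev == root.st_dev;
}

/* Fail-closed (hypothetical hardening): never grant a shell because a
 * file is missing, and accept login only from the root filesystem. */
enum action fail_closed(const char *login_path)
{
    if (access(login_path, X_OK) != 0 || !on_root_fs(login_path))
        return REFUSE;
    return RUN_LOGIN;
}

static const char *name(enum action a)
{
    return a == RUN_LOGIN ? "run login" : a == ROOT_SHELL ? "ROOT SHELL" : "refuse";
}

int main(void)
{
    /* The second path is constructed and does not exist; it stands in
     * for /usr/bin/login after /usr has been unmounted. */
    const char *paths[] = { "/usr/bin/login", "/constructed/unmounted/usr/bin/login" };
    for (int i = 0; i < 2; i++)
        printf("%-40s fail-open: %-10s fail-closed: %s\n", paths[i],
               name(fail_open(paths[i])), name(fail_closed(paths[i])));
    return 0;
}
```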