Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!genrad!decvax!ucbvax!sdcsvax!nosc!humu!uhccux!todd
From: todd@uhccux.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: /etc/rc, security ...
Message-ID: <439@uhccux.UUCP>
Date: Tue, 21-Apr-87 18:38:31 EST
Article-I.D.: uhccux.439
Posted: Tue Apr 21 18:38:31 1987
Date-Received: Thu, 23-Apr-87 02:38:42 EST
References: <623@rna.UUCP>
Reply-To: todd@uhccux.UUCP (The Perplexed Wiz)
Organization: U. of Hawaii, Manoa (Honolulu)
Lines: 21

In article <623@rna.UUCP> dan@rna.UUCP (Dan Ts'o) writes:
>	I did a PS on our 4.2BSD system today and found extra copies of
>/etc/update, cron and a few other running, owned by one of our users. I am
>surprised that all sorts of system daemons are executable by non-root uids.
>I know I could go through each one a chmod them but it seems strange to me
>that the system would be distributed in this manner.

I think this was discussed on the net not too long ago....but....

It seems that BSD releases are full of weird security holes as delivered.
I know I spent weeks closing up holes in Ultrix (a mutation of 4.2bsd)
before I was willing to have more than a few "real" users use the VAX.

I guess the UCB folks are not too concerned with security...Maybe each
person has their own VAX or Sun... :-) ....todd

-- 
Todd Ogasawara, U. of Hawaii Computing Center
UUCP:		{ihnp4,seismo,ucbvax,dcdwest}!sdcsvax!nosc!uhccux!todd
ARPA:		uhccux!todd@nosc.MIL
INTERNET:	todd@uhccux.UHCC.HAWAII.EDU