Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!necntc!rayssd!unisec!dpw
From: dpw@unisec.usi.com (Darryl P. Wagoner)
Newsgroups: comp.sys.att,comp.unix.wizards
Subject: Re: Security problem on UNIX PC's
Message-ID: <1055@unisec.usi.com>
Date: Fri, 25-Sep-87 19:51:12 EDT
Article-I.D.: unisec.1055
Posted: Fri Sep 25 19:51:12 1987
Date-Received: Sun, 27-Sep-87 10:16:50 EDT
References: <54@quincy.UUCP>
Reply-To: dpw@unisec.USI.COM (Darryl P. Wagoner)
Organization: UniSecure Systems, Inc. Newport, RI
Lines: 33
Keywords: security, root, problem, unix-pc
Xref: mnetor comp.sys.att:1327 comp.unix.wizards:4513

Yes, indeed these are problems. The mail hole can be fixed by my email
program that I posted a month or so ago. It solves the problem by
setting the user's id before it execs elm or mailx. If anyone would
like a copy, drop me a line and I will mail it to you.

I am going to offer ideas on other holes and solutions without spelling
out how to exploit them. Please don't follow up and try to show how
bright you are by telling the world how to break in with these holes.

As I pointed out before the fire sale, the Unix PC has a few other
security problems. Namely:

/usr/lib/ua/uasetx and /usr/lib/ua/uasig

One of these, or maybe both, can be used for privileged commands from
the UA. You can put a "EXEC -w -p $SHELL for your Unix System in your
office and get a root shell. The only way to prevent this is to make a
"super" group of those people that you trust and change the mode of
these commands to 4710.

Next, it seems that on 3.51 "/" is 777 mode. I will not point out the
problem with that, but you should fix it.

Also, a generic System V hole. Don't use a .profile to start up a
captive program such as a BBS or info about the system and how to get
an account. These types of programs should be the default shell and
must be compiled programs (not scripts).

--
Darryl Wagoner		dpw@unisec.usi.com
UniSecure Systems, Inc.; OS/2, No Unix!
Newport, RI; (401)-849-0857
UUCP: {gatech|cbosgd|uiucdcs|ihnp4}!rayssd!unisec!dpw
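
The fix the post describes for the mail hole (set the user's id, then exec the mailer), sketched here as an added example in modern POSIX C. It is not the program Darryl Wagoner posted; the MAILER path and the drop_privileges name are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed mailer location; an absolute path avoids a PATH lookup. */
#define MAILER "/usr/bin/mailx"

/*
 * Permanently give up set-uid/set-gid privilege so the exec'd mailer runs
 * as the invoking user. Returns 0 on success, -1 if the drop failed or
 * could be undone.
 */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: after the uid is dropped we may not be allowed to. */
    if (setgid(rgid) != 0) return -1;
    if (setuid(ruid) != 0) return -1;

    /* If we started with extra privilege, regaining it must now fail.
     * (Skipped when the invoking user is root, who can always switch.) */
    if (ruid != 0 && euid != ruid && seteuid(euid) == 0) return -1;
    if (ruid != 0 && egid != rgid && setegid(egid) == 0) return -1;

    /* Final check: effective ids equal the real ids. */
    if (geteuid() != ruid || getegid() != rgid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (drop_privileges() != 0) {
        /* Fail closed: never start the mailer with privilege intact. */
        fprintf(stderr, "cannot drop privileges, not starting mailer\n");
        return 1;
    }
    argv[0] = (char *)MAILER;
    execv(MAILER, argv);      /* only returns on error */
    perror("execv");
    return 127;
}
```

Anything the mailer then spawns (a shell escape, an editor) inherits the invoking user's ids rather than the wrapper's.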