Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: comp.sys.att,comp.unix.wizards
Subject: Re: Security problem on UNIX PC's
Message-ID: <6478@brl-smoke.ARPA>
Date: Sat, 26-Sep-87 23:51:21 EDT
Article-I.D.: brl-smok.6478
Posted: Sat Sep 26 23:51:21 1987
Date-Received: Sun, 27-Sep-87 12:03:59 EDT
References: <54@quincy.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 13
Keywords: security, root, problem, unix-pc
Xref: mnetor comp.sys.att:1335 comp.unix.wizards:4530

In article <54@quincy.UUCP> lenny@quincy.UUCP (Lenny Tropiano) writes:
>Security problem #1:
>Security problem #2:
>Security problem #3:

The moral is, "privileges" (set-UIDness) should be given only to small,
isolated processes that carefully perform simple tasks, NOT to fancy
interactive interfaces.

Second moral:  It's hard to provide a guaranteed controlled environment
that is also featureful.  Chroot can help with this, but by the time
sufficient useful facilities are placed into the new environment, it's
not much safer than an uncontrolled environment.