Xref: utzoo comp.unix.wizards:6306 comp.arch:3260
Path: utzoo!utgpu!water!watmath!clyde!rutgers!rochester!cornell!uw-beaver!tektronix!orca!tekecs!frip!andrew
From: andrew@frip.gwd.tek.com (Andrew Klossner)
Newsgroups: comp.unix.wizards,comp.arch
Subject: ITS translations: security problem?
Message-ID: <9690@tekecs.TEK.COM>
Date: 29 Jan 88 17:31:19 GMT
References: <1495@osiris.UUCP: <2126@haddock.ISC.COM> <1497@osiris.UUCP> <704@PT.CS.CMU.EDU> <1424@gumby.mips.COM>
Sender: nobody@tekecs.TEK.COM
Organization: Tektronix, Wilsonville, Oregon
Lines: 13

[]

	"Suppose you wanted to change rm.  Adding an alias, or an rm
	command in your path doesn't suffice because some scripts etc.
	say /bin/rm.  So you add s|^/bin/rm$|/user/me/bin/rm| to your
	translation list."

What about the security implications?  Under Unix, I could use these
translations to spoof setuid programs, e.g., make my own /etc/passwd
then invoke /bin/su.

  -=- Andrew Klossner   (decvax!tektronix!tekecs!andrew)       [UUCP]
                        (andrew%tekecs.tek.com@relay.cs.net)   [ARPA]