Xref: utzoo comp.unix.wizards:6379 comp.arch:3305
Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!ll-xn!husc6!bloom-beacon!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.unix.wizards,comp.arch
Subject: Re: ITS translations: security problem?
Message-ID: <16008@think.UUCP>
Date: 1 Feb 88 17:43:02 GMT
References: <1495@osiris.UUCP: <2126@haddock.ISC.COM> <1497@osiris.UUCP> <704@PT.CS.CMU.EDU> <1424@gumby.mips.COM> <9690@tekecs.TEK.COM>
Sender: usenet@think.UUCP
Reply-To: barmar@sauron.think.com.UUCP (Barry Margolin)
Organization: Thinking Machines Corporation, Cambridge, MA
Lines: 18

In article <9690@tekecs.TEK.COM> andrew@frip.gwd.tek.com (Andrew Klossner) writes:
>	  So you add s|^/bin/rm$|/user/me/bin/rm| to your
>	translation list."
>
>What about the security implications?  Under Unix, I could use these
>translations to spoof setuid programs, e.g., make my own /etc/passwd
>then invoke /bin/su.

Well, ITS doesn't have much security, and what little it did have
wasn't based on the contents of some particular file that was read by
the user's process.

However, to answer your question about how this could be done in Unix,
the answer is to not inherit translations in setuid processes.
Barry Margolin
Thinking Machines Corp.

barmar@think.com
uunet!think!barmar