Xref: utzoo comp.unix.wizards:6427 comp.arch:3350
Path: utzoo!mnetor!uunet!husc6!bbn!uwmcsd1!ig!agate!ucbvax!hplabs!sdcrdcf!csun!csuna!aeusesef
From: aeusesef@csuna.UUCP (sean fagan)
Newsgroups: comp.unix.wizards,comp.arch
Subject: Re: ITS translations: security problem?
Message-ID: <1047@csuna.UUCP>
Date: 7 Feb 88 01:15:24 GMT
References: <1495@osiris.UUCP: <2126@haddock.ISC.COM> <1497@osiris.UUCP> <704@PT.CS.CMU.EDU> <1424@gumby.mips.COM> <9690@tekecs.TEK.COM> <16008@think.UUCP> <1515@osiris.UUCP>
Reply-To: aeusesef@csuna.UUCP (Sean Eric Fagan)
Organization: California State University, Northridge
Lines: 23
Keywords: translations security Elxsi EMBOS no problem!

>In article <9690@tekecs.TEK.COM> andrew@frip.gwd.tek.com (Andrew Klossner) writes:
>	  So you add s|^/bin/rm$|/user/me/bin/rm| to your
>	translation list."

Well, our Elxsi (running EMBOS) has this feature, and, after seeing this, I
decided to try it.  I tried making my own copy of the password file (it's
unreadable by mere peons [and most of the support personel, grumble], so I
had to guess about the format from the documentation).  I then did an
'equate' (the translation scheme), telling it that '/systemfiles/groups'
should be accessed as '/user/1.fagan/mygroups'.  It seemed to work, when I
did a copy or anything like that, so I then tried a 'changeid' (su), but it
didn't allow it.  Sigh.  I would assume from my experiment that either I
screwed up the password format (probably), or there is a way of bypassing
the 'file equates' (also probably).  I thought of a few nice twists I could
do to test it, so all hope is not yet lost 8-).

 -----

 Sean Eric Fagan          Office of Computing/Communications Resources
 (213) 852 5742           Suite 2600
 1GTLSEF@CALSTATE.BITNET  5670 Wilshire Boulevard
                          Los Angeles, CA 90036
{litvax, rdlvax, psivax, hplabs, ihnp4}!csun!csuna!aeusesef