Path: utzoo!attcan!uunet!convex!killer!ames!mailrus!ukma!gatech!emory!km
From: km@emory.uucp (Ken Mandelberg)
Newsgroups: comp.unix.aux
Subject: Security on A/UX
Message-ID: <3242@emory.uucp>
Date: 30 Sep 88 23:04:24 GMT
Organization: Math & Computer Science, Emory University, Atlanta
Lines: 25

We are starting to think about using A/UX for student Unix workstations
in our lab. One concern in this environment is security. There are
probably lots of issues to consider but the first one that comes to
mind is the floppy disk.

1) It would seem that a student could do mischief by putting in a MacOS
systems floppy and pushing reset. Once in MacOS he could have his way
with the hard disk. Is there a way to disable boots from floppy without
physically disconnecting it?

2) Even from A/UX the floppy is a problem. It seems a shame not to
allow students to have small personal filesystems on floppy, but if
mount access is allowed there is little to stop the student from
presenting a file system with a setuid program on it. I guess the thing
to do here is write a setuid frontend to mount that does a fsck, mounts
only in a prescribed place, and searches the floppy for setuid
program.


What are the other security issues to consider?
-- 
Ken Mandelberg      | km@mathcs.emory.edu          PREFERRED
Emory University    | {decvax,gatech}!emory!km     UUCP 
Dept of Math and CS | km@emory                     NON-DOMAIN BITNET  
Atlanta, GA 30322   | Phone: (404) 727-7963