Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!pasteur!agate!saturn!ucscc.UCSC.EDU!haynes
From: haynes@ucscc.UCSC.EDU (99700000)
Newsgroups: comp.unix.wizards
Subject: Re: Crackers and Worms
Message-ID: <5535@saturn.ucsc.edu>
Date: 19 Nov 88 07:12:19 GMT
References: <1308@zippy.eecs.umich.edu> <6491@csli.STANFORD.EDU> <4820@bsu-cs.UUCP>
Sender: usenet@saturn.ucsc.edu
Reply-To: haynes@ucscc.UCSC.EDU (Jim Haynes)
Organization: California State Home for the Weird
Lines: 16

In article <4820@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
>
>The trouble is that once you are daemon, you can queue an "at" job to
>be executed as root.
>
As soon as I get a new system (with source) I apply a 2-line patch
to atrun.c such that, right before the setuid() call, if the uid is
going to be root it exits.  A side effect is that it leaves the offending
file in /usr/spool/at/past, so you can examine it at your leisure.
Not that I've had that many to examine...

haynes@ucscc.ucsc.edu
haynes@ucscc.bitnet
..ucbvax!ucscc!haynes

"Any clod can have the facts, but having opinions is an Art."
        Charles McCabe, San Francisco Chronicle
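
The guard described in the post above, as an added example; it is not the poster's patch and not code from atrun.c. The names `check_job_uid`, `become_job_owner` and `job_verdict` are hypothetical, and the job's uid and gid are assumed to have been determined by the caller.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not code from atrun.c. */
enum job_verdict { JOB_RUN, JOB_REFUSE_ROOT };

/* Policy from the post: a spooled job is never run with uid 0. */
enum job_verdict check_job_uid(uid_t uid)
{
    return uid == 0 ? JOB_REFUSE_ROOT : JOB_RUN;
}

/*
 * Switch from the privileged runner to the job's owner.
 * Returns 0 when the process now runs as uid/gid, -1 when the job was
 * refused or the drop failed. The job file is never touched here, so a
 * refused job stays in the spool for inspection.
 * Supplementary groups are not cleared by this function.
 */
int become_job_owner(uid_t uid, gid_t gid, const char *jobfile)
{
    if (check_job_uid(uid) == JOB_REFUSE_ROOT) {
        fprintf(stderr, "refusing job %s: would run as root\n", jobfile);
        return -1;
    }
    /* Group first: once the uid is dropped, setgid() is no longer permitted. */
    if (setgid(gid) != 0 || setuid(uid) != 0) {
        perror("privilege drop");
        return -1;
    }
    /* Confirm the drop cannot be undone before running anything. */
    if (setuid(0) == 0) {
        fprintf(stderr, "refusing job %s: root still reachable\n", jobfile);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: a job claiming uid 0, as in the quoted scenario. */
    return become_job_owner(0, 0, "constructed.job") == -1 ? 0 : 1;
}
```

The check covers uid 0 only; a job queued to run as any other account still passes it.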