Path: utzoo!utgpu!attcan!lsuc!ncrcan!ziebmef!cks
From: cks@ziebmef.uucp (Chris Siebenmann)
Newsgroups: unix-pc.general
Subject: Re: /etc/shutdown permissions
Message-ID: <1988Nov24.010526.7665@ziebmef.uucp>
Date: 24 Nov 88 06:05:25 GMT
References: <234@safari.UUCP> <336@magnus.UUCP>
Reply-To: cks@ziebmef.UUCP (Chris Siebenmann)
Distribution: unix-pc
Organization: Ziebmef Public Access Unix, Toronto, Ontario
Lines: 26

In article <336@magnus.UUCP> mml@magnus.UUCP (Mike Levin) writes:
...
>It's also that way in release 3.51, *BUT* if you are NOT root, it gives the
>appearance of proceeding to do it's thing, and then it fails.  For example,
>it warns of killing active phone conversations, etc., but then when it tries
>to do it's thing, it fails for "unable to send signal to init".  So, it is
>probably safe.

 It will however shut down your lp spooling system; /usr/lib/lpshut is
setuid root, setgid bin, and world executable. For that matter, all of
the /usr/lib/lp* lp admin stuff is setuid and world executable, so
anyone can play with your line printer setup.

 I'll second the opinion of the person who called the 3B1 one of the
most unsecure Unix systems around straight out of the box. Numerous
important directories are world or group writeable, unsecure setuid
applications about, and other similiar problems exist. If you're
running any sort of public access site, you should take a good hard
look at your system for security holes (interested people can send me
mail and I'll write up a description of the holes I plugged here).

-- 
	"The hell I will!"	WHAK!	"Surpise, kid -- they retract!
	 Try that again and I'll kick you back. With my claws."
Chris Siebenmann		uunet!utgpu!{ontmoh!moore,ncrcan}!ziebmef!cks
cks@ziebmef.UUCP	     or	.....!utgpu!{,ontmoh!,ncrcan!brambo!}cks