Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!apple!oliveb!pyramid!csg
From: csg@pyramid.pyramid.com (Carl S. Gutekunst)
Newsgroups: comp.sys.sequent
Subject: Re: Re^2: Systech tty hangup "fixed".
Keywords: hangup tty systech
Message-ID: <72460@pyramid.pyramid.com>
Date: 2 Jun 89 16:18:16 GMT
References: <948@maestro.htsa.aha.nl> <72334@pyramid.pyramid.com> <954@maestro.htsa.aha.nl>
Reply-To: csg@pyramid.pyramid.com (Carl S. Gutekunst)
Organization: Pyramid Technology Corp., Mountain View, CA
Lines: 11

In article <954@maestro.htsa.aha.nl> jand@htsa.UUCP (Jan Derriks) writes:
> I think if a user 'forgets' to log off it's *his* security
> problem (unless he has euid==0).

You can't be serious. I know of a dozen different ways on 4.2BSD where if you
are *any* user, you can trivially become root, uucp, and a number of other
interesting UIDs -- and I'm no security expert. Sequent has probably fixed some
of these, but many security holes rely on a watchful system administrator to
plug them. What are your permissions on /usr/spool/at, for instance?