Path: utzoo!utgpu!watmath!uunet!cs.utexas.edu!rutgers!tut.cis.ohio-state.edu!n8emr!uncle!jbm
From: jbm@uncle.UUCP (John B. Milton)
Newsgroups: unix-pc.general
Subject: Re: security (was Re: crontab Daemon-from-Hell)
Message-ID: <537@uncle.UUCP>
Date: 5 Jun 89 05:51:36 GMT
References: <19071@cup.portal.com> <14373@bfmny0.UUCP> <1526@sialis.mn.org> <1528@sialis.mn.org> <14270@watdragon.waterloo.edu>
Reply-To: jbm@uncle.UUCP (John B. Milton)
Organization: U.N.C.L.E.
Lines: 19

In article <14270@watdragon.waterloo.edu> hjespersen@trillium.waterloo.edu () writes:
>In article <1528@sialis.mn.org> rjg@sialis.mn.org (Robert J. Granvin) writes:
>
>>The original points were actually correct.  But to add onto it, many
>>of you will notice that / has permissions of 777.  
>
>Not on _my_ system. Give me any valid login and a / that is 777 and
>I'll have root in about 30 seconds. 

One of several hundred different ways around security on the UNIXpc. To tighten
security you have to start off by removing ua and smgr from the system, then
you have a chance of getting the UNIXpc security to approach that of most other
SYSV boxes


John
-- 
John Bly Milton IV, jbm@uncle.UUCP, n8emr!uncle!jbm@osu-cis.cis.ohio-state.edu
(614) h:294-4823, w:764-2933; N8KSN, AMPR: 44.70.0.52; Don't FLAME, inform!