Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!tut.cis.ohio-state.edu!ucbvax!ziploc!eps
From: eps@toaster.SFSU.EDU (Eric P. Scott)
Newsgroups: comp.sys.next
Subject: Re: 40BM accelerator and setuid problems
Message-ID: <218@toaster.SFSU.EDU>
Date: 4 Jan 90 00:58:28 GMT
References: <9494@batcomputer.tn.cornell.edu>
Reply-To: eps@cs.SFSU.EDU (Eric P. Scott)
Organization: San Francisco State University
Lines: 76

In article <9494@batcomputer.tn.cornell.edu> rogerj@tcgould.tn.cornell.edu (Roger Jagoda) writes:
>1) We have just received our first shipment of the 40MB
>"accelerator" drives.

Lucky you.  We didn't receive the forms until just before
Christmas, and sent them in yesterday.  6 to 8 weeks, sigh.

>3) I noticed several programs under /NextApps are set-uid. Is this
>dangerous?

Sometimes.  It depends whether it's there because it's needed for
program functionality, or because NeXT thought their customers
were going to be PC-minded B-Land clones that don't "want"
security (as opposed to "point and click ease of use").

>--BuildDisk     #Do I want ANYONE running this? What about my
>                network drives?

No to the first, and "not a problem" to the second.  Do

    chmod o= /NextApps/BuildDisk

There's no real magic in /NextApps/BuildDisk--it runs
/usr/etc/builddisk and pipes the output into a ScrollView.  The
"real" builddisk is *not* setuid, and only works for root anyway.

>--Preferences   #Do I want just anyone setting the TZ and system
>                clock? If this isn't setuid, will users still
>                be able to set their passwords?

No.  Do

    chmod 755 /NextApps/Preferences

Get NTP if you don't already have it, use that to set your
clocks.  (Unless you have a standalone machine, and want to run
the FrameMaker demo, heh heh).  Passwords are handled by netinfo,
so yes, they can still change their passwords.

>--PrintManager  #I CERTAINLY don't want users configuring any of
>                the printers on the net!

Printer configuration is handled by netinfo.  The "problem" here
has nothing to do with the setuid-ness of PrintManager.  Do

    niutil -destroyprop . /printers _writers
                        ^ or whatever

to fix another NeXT goof.  Leave PrintManager alone.

>--Shell         #This program and Terminal are setuid. Why? I have
>                seen where this can leave a user as root (really,
>                with a # prompt to boot!) Can I strip
>                this off and still have it run properly?

Leave these alone.  They need read-write access to /etc/utmp.
(I have seen users suddenly start getting root shells, but that's
indicative of deeper problems.)

>The same concerns are echoed for the five programs under /NextAdmin.
>
>--MailManager, NetManager, UserManager are all world executable
>AND setuid. Do I want to strip these or do they HAVE to be this way?

Leave these alone.  They all run Security Check Panels if run by
anyone who's not root.

>I'm not sure I want the users running UserManager! Also, NetInfoManager
>is WORLD executable as well, is this necessary?

NetInfoManager doesn't do anything not available by other means.
Leave it alone too.

[ You're no doubt wondering, is anyone collecting this sort of
  stuff?  Yes, and I'm currently working on a document detailing
  how the SFSU Academic Computing cluster was set up.  Not all,
  but most of the security-related issues will be discussed
  therein.  More later this month. ]

                                        -=EPS=-
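
Added example, not part of the original post and not NeXT's own tooling: a small sh audit that lists setuid files under the directories discussed and marks each one against the advice given in the reply above. The function names and the verdict labels (fix / ok / review) are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit setuid files against the advice above.
# Verdicts: "fix" = the post says to change the mode, "ok" = matches the advice,
# "review" = setuid file the post does not mention.

# verdict NAME OTHER_BITS -> prints the verdict for one setuid file
verdict() {
    case "$1" in
        BuildDisk)
            # "chmod o=" leaves setuid in place but removes all access for others
            if [ "$2" = "---" ]; then echo ok; else echo fix; fi ;;
        Preferences)
            # "chmod 755" drops the setuid bit, so any setuid copy still needs fixing
            echo fix ;;
        PrintManager|Shell|Terminal|MailManager|NetManager|UserManager|NetInfoManager)
            echo ok ;;      # post: "Leave these alone"
        *)
            echo review ;;
    esac
}

# audit_setuid DIR... -> one line per setuid file: verdict, mode string, path
audit_setuid() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue           # skip directories that do not exist
        find "$dir" -type f -perm -4000 -print | sort |
        while IFS= read -r f; do
            mode=$(ls -ld "$f" | cut -c1-10)            # e.g. -rwsr-xr-x
            other=$(printf '%s' "$mode" | cut -c8-10)   # permission bits for "other"
            printf '%s\t%s\t%s\n' "$(verdict "$(basename "$f")" "$other")" "$mode" "$f"
        done
    done
}

# Usage: sh audit.sh /NextApps /NextAdmin
if [ "$#" -gt 0 ]; then audit_setuid "$@"; fi
```

Run it before and after applying the two chmod commands: BuildDisk should move from "fix" to "ok" and Preferences should drop out of the listing.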