Path: utzoo!attcan!uunet!lll-winken!brutus.cs.uiuc.edu!samsung!cs.utexas.edu!ut-emx!mic
From: mic@ut-emx.UUCP (Mic Kaczmarczik)
Newsgroups: comp.sys.next
Subject: Re: Can I stop everyone from resetting the system clock?
Summary: remove the setuid bit from Preferences
Message-ID: <25424@ut-emx.UUCP>
Date: 2 Mar 90 17:15:41 GMT
References: <2170@milton.acs.washington.edu>
Reply-To: mic@emx.utexas.edu (Mic Kaczmarczik)
Organization: UT Austin Computation Center, Unix/VMS/Cyber Services
Lines: 24

>In article <2170@milton.acs.washington.edu> pentch@milton.acs.washington.edu (Dean Pentcheff) writes:
>On the Next that I adminstrate, we've just discovered that any user
>(via Preferences) can reset the system clock to any arbitrary value.
>This is unacceptable.

Yes, it is.  A way to disable this might be to remove the set-uid
protection bit from Preferences (e.g. chmod 775
/NextApps/Preferences). This way, anything in Preferences that
requires Unix superuser permissions (like changing the @!#&^% boot
disk) will fail unless the *superuser* does it.  Anything Preferences
does to a user's home directory should still work. 

I haven't tried this, but in general, one sure way to keep an
incautious setuid program from messing up your system is to remove the
setuid bit entirely.  Alternatively, perhaps NeXT should consider
requiring you to type in the system administrator password before
setting things that affect the entire system. 
-- 
Mic Kaczmarczik                                   mic@emx.utexas.edu (Internet)
Unix/VMS/Cyber Services                                     mic@utaivc (BITNET)
UT Austin Computation Center                ...!cs.utexas.edu!ut-emx!mic (UUCP)
COM 1/UT Austin/Austin TX 78712              ``Good tea.  Nice house.'' -- Worf

Please direct consulting questions to gripe@{emx,ix2,ccwf,iv1} as appropriate.