Date: Mon, 1 Jun 1998 10:41:45 +0300 (IDT)
From: Nadav Eiron
To: David Greenman
cc: Terry Lambert, abial@nask.pl, freebsd-hackers@FreeBSD.ORG
Subject: Re: Signed executables, safe delete etc.
In-Reply-To: <199806010018.RAA09016@implode.root.com>

On Sun, 31 May 1998, David Greenman wrote:

> As I was a VMS user and kernel software developer for 10 years prior to
> hacking on Unix source, I'm quite familiar with how VMS works both internally
> and externally. The linker in VMS is not installed with any special privilege
> and any user can make a binary executable. A user, for example, can use kermit
> or other file transfer utility to copy over a VMS executable and as long as
> the file record type is correct (fixed, 512 byte records) and he sets the
> execute permission (set file/prot=exec...I'd mention the system call to do
> this if I could remember it), he can execute it.

If you have BYPASS priv, then even this is not necessary. You simply run
it.

> As I mentioned above, the SYSPRIV privilege allows the process to access
> resources as if he had a system UIC. There are 4 sets of permissions bits
> in VMS: user, system, group, and world. A system UIC is (usually) a UIC that
> has a group number that is less than 9. If you have a system UIC or you
                             ^^^^^^^^^^^
VMS UICs are in octal (usually). A system UIC is one that has group < 10
(octal), or less than 8 if you happen to favor decimal notation...

> have SYSPRIV, then you can access files and directories using the "system"
> permissions bits, which usually default to RWED (all access). If your program

Well, the default is something *you* set (with SET PROT/DEFAULT), so it's
really up to you.

> required SYSPRIV, then you apparently had some sort of permissions problem -
> perhaps you created the file with the wrong permissions to start with (no
> user/group/world access) and this caused the subsequent syscall to set the
> file executable to fail.

One Can Only Imagine.

> In any case, your statements regarding the linker and file executability
> are simply wrong.

Not to mention VMS's ability (on vintage VAXs only, though) to run PDP-11
RSX executables (which are obviously not created with the VMS linker).

A nice trick to play on a new person in a VMS shop (well, nowadays you'll
have to dig for a VAX - it doesn't work in OpenVMS/Alpha) is the following:

1. Put a program that does something nasty in SYS$SYSTEM:RSX.EXE
2. Ask the innocent user to do RUN LOGIN.COM (or any other text file, the
   really creative can ask him to run the C source of a program...).

VMS, not recognizing the image as a VMS executable, will (not always,
depending on the record format and the first few characters of the file)
try to run the image as an RSX image. Thus, it loads SYS$SYSTEM:RSX.EXE (to
start PDP emulation mode), and the newbie gets what he deserves... :-)

Try this on someone! People fall for it every time, trying to find out how
come they can run their *source* code, and why it fails...

>
> -DG
>
> David Greenman
> Co-founder/Principal Architect, The FreeBSD Project
>

Nadav