Major security problem in the UA: looking for a real fix
Rusty Hodge
rusty at hodge.UUCP
Wed Feb 10 04:53:39 AEST 1988
The most deadly UA hole is the Administration file in the /u/install area.
Out of the box (at least mine and several others), this file is read for
everyone. Simply copy it into your area, run the UA and presto you can
change the root password.
The simple fix for this is to chmod o-r Administration. However, this
will not keep experienced UA types from creating their own UA entries that
have the same sort of command scripts that the Administration file does.
Let's face it: the UA is *evil*. Get rid of it. Hide it in a nested directory
and take away its execute privledges. Make it go away.
Root will still be able to get to most of those nifty UA-run programs for
screen-oriented system administration. :->
More information about the Comp.sys.att
mailing list