Possible security problem, need information...
Paul de Bra
debra at wsinis03.info.win.tue.nl
Thu Mar 21 00:06:51 AEST 1991
In article <1991Mar18.200957.166 at gacvx2.gac.edu> dan at gacvx2.gac.edu writes:
>Is there anything inherently evil giving world write access to the "root" (aka
>"/") directory on a BSD 4.3 UNIX system? The exact permission with the command
>"ls -ld /" is "drwxrwxrwt".
Let's see, a user could:
- remove the kernel (/vmunix or /unix) so you cannot reboot after a crash
- mv /dev /somethingelse so all devices are unknown (inluding the tty's
so noone can log on...)
- mv /etc /somethingelse and then mkdir /etc, create your own /etc/passwd...
Need any more hints?
Paul.
(debra at win.tue.nl, debra at research.att.com)
More information about the Comp.unix.admin
mailing list