interesting feature on AMIX..
Frank McPherson
frank at hfsi.UUCP
Tue Jun 25 22:38:56 AEST 1991
In article <1991Jun24.173951.17552 at convex.com> swarren at convex.com (Steve Warren) writes:
> [...]
>But then we're not talking about "normally," are we? We are discussing
>a security hole that allows anyone with one semester of OS knowledge to
>become root on all of these machines (the ones with your custom floppy
>filesystem hack on them). Once you become root, forget about restrictions
>of where you can store files. There are none. Root is the boss.
I'm curious: how do you propose to fix this? Is it an operating system
problem? Is it possible to securly allow anyone to mount a floppy?
>From what you've already said, I guess that requires asking if it's
possible to make sure that there are no setuid'd files on the disk, or
it means ignoring the setuid bit. Which would be better? Why would it
be better?
- Frank McPherson INTERNET: emcphers at manu.cs.vt.edu --
More information about the Comp.unix.amiga
mailing list