-x implementations

Tom Christiansen tchrist at convex.COM
Wed Mar 13 14:20:33 AEST 1991


>From the keyboard of jfh at rpp386.cactus.org (John F Haugh II):
:In article <S3+9E31 at xds13.ferranti.com> peter at ficc.ferranti.com (Peter da Silva) writes:
:>Does "auth" have write access to these files? If so then you haven't changed
:>the problem any. Just made it more obscure. Nothing that someone with adb
:>and a little determination couldn't crack.
:
:You have a pretty poor understanding of how systems with "enhanced
:security" work.  More likely that not, "auth" is only able to write
:the various files when some magical "trusted path" exists, or only
:"trusted" applications can be executed by "auth" or some other
:restriction.  You will likely find that "auth" lacks whatever magic
:cookie it is that would let any random program modify any random
:file.  If it doesn't we should all point our fingers at SecureWare
:and laugh heartily.  [Then we can point our fingers at OSF for
:picking SecureWare as well ;-) ]

I maintain that both "auth" and "sysadmin" give you indirect
root privileges.  With auth, you can create accounts or modify
existing ones.  With sysadmin, you can mount arbitrary things
at arbitrary points, do dumps and restores etc.  I'm sure you 
see how both of these quickly allow you to do anything you want.
Secureware has only replaced one all-powerful account with
several all-minus-one-powerful accounts, and anyone with 
6 months experience at UNIX knows how to add that one back in.

--tom



More information about the Comp.unix.programmer mailing list