setluid(0) in SCO?
Eamonn McManus
em at dce.ie
Sat Sep 22 00:34:35 AEST 1990

In article <1990Sep20.163355.7147 at robobar.co.uk> ronald at robobar.co.uk (Ronald S H Khoo) writes:
>Can anyone think of any breaches of unix levels of security if one
>were to simply leave the login uid as zero? The silly authorisation
>system seems to look only at the luid but the normal Unix checks seem
>to apply to the normal (e)uid so it seems to me that if the luid were
>simply always set to zero (by replacing /bin/login, I guess) then we
>would effectively have just normal Unix behaviour.

I don't think you've realised just how cretinous a misfeature the SCO
login uid is. Several programs, such as crontab and at, will refuse to
run if your login uid is not the same as your real uid. So if you log
in as root and su to another user such as news, you can't do crontab -l.
To get around this and other SCO idiocies we have rewritten su at Datacode
so that it sets the login uid as well as the normal uid to the new user.
Of course the setluid() system call won't let you do this even if you're
root, but root can poke around in /dev/kmem to accomplish the same effect.
If anyone would like a copy of this su, mail me. If there is enough
interest, I will post it.
--
Eamonn McManus <em at dce.ie> <em%dce.ie at cunyvm.cuny.edu>
Fingers are for fuguing.