setluid(0) in SCO ?
Ronald S H Khoo
ronald at robobar.co.uk
Fri Sep 21 02:33:55 AEST 1990
Can anyone think of any breaches of unix levels of security if one
were to simply leave the login uid as zero ? The silly authorisation
system seems to look only at the luid but the normal Unix checks seem
to apply to the normal (e)uid so it seems to me that if the luid were
simply always set to zero (by replacing /bin/login, I guess) then we
would effectively have just normal Unix behaviour.
Have I overlooked something obvious ?
If not, I wonder if SCO can be persuaded to supply such a replacement
/bin/login :-) (or someone go and sneak this into their distribution
masters <evil grin> :-) :-))
--
my .signature is on holiday
More information about the Comp.unix.sysv386
mailing list