Findsuid source (Re: Security an

Sean Casey sean at ukma.UUCP
Tue Feb 5 15:59:22 AEST 1985


> Another problem with having a find-suid-programs program that runs based
> on crontab entries is that anyone can see when the find-suid-programs
> program is going to run next, and make their moves on that basis.
> 
> 		kurt


I do not think that findsuid is designed to be a serious security
program. It is a nice little watchdog that will trap a novice
that happens to find a bug (there's lots) and creates his own su
(or similar), but it's extremely simple, and easy to bypass.

A friend of mine wrote an interesting security program for Tops-10.
It locked itself in core and set up breakpoints at some of
the monitor calls. It then checked the parameters on these calls
and made sure they were "ok". It entwined itself to the monitor
so tightly that it was almost impossible to defuse without taking
down the whole monitor with it. It checked for a number of things
and logged (in an undeletable file!) conditions which it
considered unusual. If I were to go about writing a serious
security program for Unix, I'd probably go about it much the same
way. I would make the process as unkillable as possible, and
have it periodically check things.

'nuff ramblin'

Sean Casey



More information about the Comp.unix.wizards mailing list