ITS translations: security problem?

Arndt Jonasson aj at zyx.UUCP
Tue Feb 2 20:32:43 AEST 1988


In article <9690 at tekecs.TEK.COM> andrew at frip.gwd.tek.com (Andrew Klossner) writes:
>[About file name translations in ITS (using Unix syntax)]
>	"Suppose you wanted to change rm.  Adding an alias, or an rm
>	command in your path doesn't suffice because some scripts etc.
>	say /bin/rm.  So you add s|^/bin/rm$|/user/me/bin/rm| to your
>	translation list."
>
>What about the security implications?  Under Unix, I could use these
>translations to spoof setuid programs, e.g., make my own /etc/passwd
>then invoke /bin/su.

In Unix, were this feature to be implemented, it would have to be
restricted in order not to compromise security.  In ITS, however,
there is no security problem, since ITS is not at all concerned with
security. Any process can do anything at all with any other process,
including the monitor (known as the kernel in the Unix world).

A perhaps viable restriction in Unix could be not to apply the user's
translations when the effective uid is different from the real uid.
Would this be enough to guarantee security?
-- 
Arndt Jonasson, ZYX Sweden AB, Styrmansgatan 6, 114 54 Stockholm, Sweden
email address:	 <backbone>!mcvax!enea!zyx!aj	=	aj at zyx.SE
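
The restriction proposed in the post, sketched as an added example (not code from the post or from any real system): a path resolver that honours the user's translation list only when the real and effective uid match. The names `struct xlate`, `user_rules`, `translations_allowed` and `resolve_path` are hypothetical, the rule list is constructed, and the anchored `s|^from$|to|` rules are modelled as exact string matches.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* One user-supplied translation, modelling the anchored rule
 * s|^from$|to| quoted in the post as an exact match on the whole path. */
struct xlate {
    const char *from;
    const char *to;
};

/* Constructed sample list: the rm rule from the post plus a rule that
 * would redirect /etc/passwd, the case the quoted article worries about. */
static const struct xlate user_rules[] = {
    { "/bin/rm",     "/user/me/bin/rm" },
    { "/etc/passwd", "/user/me/passwd" },
};
static const size_t n_user_rules = sizeof user_rules / sizeof user_rules[0];

/* The proposed restriction: the user's translations are honoured only
 * when the effective uid is the same as the real uid. */
static int translations_allowed(uid_t ruid, uid_t euid)
{
    return ruid == euid;
}

/* Resolve a path for a process with the given real/effective uid.
 * Returns the replacement path, or the original path unchanged. */
const char *resolve_path(const char *path, uid_t ruid, uid_t euid)
{
    if (!translations_allowed(ruid, euid))
        return path;                 /* setuid context: ignore the list */
    for (size_t i = 0; i < n_user_rules; i++)
        if (strcmp(path, user_rules[i].from) == 0)
            return user_rules[i].to;
    return path;                     /* no rule matched */
}

int main(void)
{
    /* Resolve with the calling process's own ids. */
    printf("%s\n", resolve_path("/etc/passwd", getuid(), geteuid()));
    return 0;
}
```

The check sees only the two uids at the moment of the lookup: a setuid program that sets its real uid equal to its effective uid and then runs other programs would pass it, so whether the list is still inherited after that change matters as well.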


