SECURITY Concerns for Unix systems
John 'tms' Navarra
navarra at casbah.acns.nwu.edu
Fri Apr 12 17:16:20 AEST 1991
In article <2952 at kirk.nmg.bu.oz.au> bambi at kirk.nmg.bu.oz.au (David J. Hughes) writes:
>From article <16313 at reed.UUCP>, by bob at reed.UUCP (Bob Ankeney):
>> Speaking of permissions, I've noticed a number of Unix systems with mode
>> 777 on the root directory! This is an easy in for anyone wanting super-user
>> access. I've noticed this on both AT&T and NCR unix boxes.
>
>I have also seen this on Sun's running pre 4.x SunOS. There may be a
>Sun in a back room somewhere that is a host for anyone wanting root
>access.
SUN!!!!!! They ship their Unix with /etc/hosts.equiv with a + !!
making it possible for ALL machines to have root privs on the thing!!!
now how hard is it to take that out? Sounds pretty damn stupid to me.
Not to mention all the other security holes they leave in --and don't
tell you about!
>
>
>David
>+----------------------------------------------------------------------------+
>| David J. Hughes (AKA bambi) | bambi at kirk.bu.oz.au |
>| Senior Systems Programmer | bambi at kirk.bu.oz.au@uunet.uu.net |
>| Comms Development & Operations | ..!uunet!munnari!kirk.bu.oz.au!bambi |
>| Bond University, Gold Coast | Phone : +61 75 951450 |
>| Queensland, Australia 4229 | Fax : +61 75 951456 |
>+----------------------------------------------------------------------------+
--
>From the Lab of the MaD ScIenTiST:
navarra at casbah.acns.nwu.edu
More information about the Comp.unix.wizards
mailing list