Possible at(1) security breach?

wapd at houxj.UUCP wapd at houxj.UUCP
Thu Jun 2 00:59:43 AEST 1983


	This is only one of many ways in which AT(1) can cause
security breaches.  Set up properly, AT is fully secure (at least
on BTL systems running equivalents of System III and IV).

	However, there are many ways for administrators to make
mistakes that cause a security breach.  If the AT spool directory
is writable, you can create dummy files owned by various users
and anything can happen.  If files in the directory are writable,
you can change the commands in them and break security.  If the
directory above the spool directory is writable, you can remove the
entire spool directory and make your own.  And so on ...

					Bill Dietrich
					houxj!wapd



More information about the Net.bugs.v7 mailing list