Major security problem in the UA: looking for a real fix

Brant Cheikes brant at manta.UUCP
Sun Feb 14 05:35:23 AEST 1988


In article <114 at hodge.UUCP> rusty at hodge.UUCP (Rusty Hodge) writes:
>Let's face it: the UA is *evil*.  Get rid of it.  Hide it in a nested
>directory and take away its execute privledges.  Make it go away.

For those who don't need to give ua access to "non-trusted" users, the
simplest solution seems to be:

	1. Create a new group in /etc/group, say "guest".
	2. Put all non-trusted users in the guest group (all "trusted"
	   users remain in the "users" group)
	3. chgrp users /usr/bin/ua
	4. chmod o-rwx /usr/bin/ua

Now, only the superuser and members of the "users" group can execute
the user agent.
-- 
Brant Cheikes
University of Pennsylvania
Department of Computer and Information Science
ARPA: brant at linc.cis.upenn.edu, UUCP: ...drexel!manta!brant



More information about the Unix-pc.general mailing list