which unix-pc files MUST be writeable by others?

Mark Sienkiewicz mark at umbc3.UMBC.EDU
Fri May 5 11:12:22 AEST 1989


In article <672 at cbnewsc.ATT.COM> danl at cbnewsc.ATT.COM (daniel.r.levy) writes:
>In article <17736 at cup.portal.com>, thad at cup.portal.com (Thad P Floryan) writes:
>< the /usr/lib/ua most definitely, so that anyone can do "rm -f /usr/lib/ua/*"
>
>[wipe dat smirk offa you face...]
>
No smirk is necessary.  The user agent is a huge security hole.

>Gee tell me something I don't know.  I'm not asking about what's good UNIX
>security in general (I presume that Wood and Kochan's book is about that, not
>about the 3B1 in particular).  I got plenty of training about that at work.
>What I want to know is, WHAT WILL BREAK when I try to impose conventional ideas
>of UNIX security (please hold the wise cracks) upon a 3B1?  And I'd like to

To make a secure Unixpc, do this:
	1 - Kill the user agent.
	2 - do the things that make a normal Unix machine secure (e.g.
		the stuff in that book).

I did this and the machine works perfectly.  Some experiments revealed that
securing the machine DOES break a number of UA functions, mostly
those related to setting up the machine.

The only non-UA thing I can remember that got broken was cu.  (it
uses /usr/bin/setgetty to edit /etc/inittab.  If you allow setgetty
to work, you allow dialup non-priv users to disable logins on the
console.)  You can fix this by replacing /usr/bin/get{on|off}.sh
with empty files; you just can't dial out if there is a getty on your
phone.

I found that a good compromise was to 1) lock the machine down real
tight [of course, I hated UA]. 2) introduce some new security holes so
I don't have to type su very often.  [e.g. make /etc/mount setuid to root
but make it only executable to a group of trusted users.]



More information about the Unix-pc.general mailing list