The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #285 [Re: DANGER: UUCP *can* propogate the Worm] (1 message, 906 bytes)
NOTICE: recognises the rights of all third-party works.


From: (Steve DeJarnett)
To: phage
Date: Sat 18:06:35 19/11/1988 EST
Subject: Re: DANGER: UUCP *can* propogate the Worm
References: [Thread Prev: 287] [Thread Next: 247] [Message Prev: 284] [Message Next: 286]

>   Date: Fri, 18 Nov 88 12:06:16 PST
>   From: ames!!csg@EA.ECN.PURDUE.EDU (Carl S. Gutekunst)
>   Reply-To: ames!!csg@EA.ECN.PURDUE.EDU (Carl S. Gutekunst)
>    I admit to being less concerned about what local users could do than
>    what an outsider could do. Pipes are obviously useful both to outside
>    crackers and to inside tomfoolery, even if it only gives permission
>    as user "daemon" and group "other"; that's why I posted the patch to
>    remove it in my original posting.
> "Only" as user daemon?  Do a quick check of who owns and has write
> access to /usr/spool/at.

	On Pyramid's, /usr/spool/at as shipped is owned by root (not daemon).
I think that's why Carl wasn't as worried about that (at least on his systems).

> I've changed /usr/spool/at to be owned by root and changed atq, atrm,
> and at to be setuid root instead of daemon.  This is probably a good
> thing to do, since if you can spoof at, it's all over but the shouting.

	Too true.

| Steve DeJarnett            | Smart Mailers -> steve@polyslo.CalPoly.EDU     |
| Computer Systems Lab       | Dumb Mailers  -> ..!ucbvax!voder!polyslo!steve |
| Cal Poly State Univ.       |------------------------------------------------|
| San Luis Obispo, CA  93407 | BITNET = Because Idiots Type NETwork           |