|
|
ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #287 [DANGER: UUCP *can* propogate the Worm] (1 message, 820 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/287.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Barry Shein <encore!pinocchio!bzs@talcott.harvard.edu>
To: phage
Date: Sun 10:05:13 20/11/1988 EST
Subject: DANGER: UUCP *can* propogate the Worm
References:
[Thread Prev: 283]
[Thread Next: 285]
[Message Prev: 291]
[Message Next: 288]
There's nothing inherently wrong in using multiple uid's (your summary seemed complete enough) for various sub-systems. I would guess that many people, including myself, have used that kind of thing. A lot of the games wanted special access to their scores file thru setuid execution so we used the pseudo-user falcon (maybe that's spelled wrong, as in war games) to own the scores files rather than root or whatever they recommended. On the other hand I think we have to be cautious about fooling ourselves. People are proposing all sorts of prophylactic security mechanisms (this one, shadow passwds etc) which I believe is a bad thing to stress in general. It seems to be the management of insecurity rather than any attempt to create security. Have we really given up and just decided to limit the damage? Sounds like a bad idea. Also an infinite pit into which we will regret having slipped. -Barry Shein, ||Encore||
END OF DOCUMENT
| ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |