Security on A/UX
David R Falkenburg
falken at caen.engin.umich.edu
Sun Oct 9 07:13:00 AEST 1988
Forget about worrying about students with suid programs on floppy.
The porblem is that anyone who can access snarf (i.e. pirate)
a copy of sash, along with chmod & cp commands can make their
own root shells by simply reseting their machine, inserting their own
sash floppy & hacking away in the traditional "make a root shell
procedure" there aren't even any footprints left in wtmp, utmp, lastlog
etc. to see who might have done these things...
sash is nice for PERSONAL AU/X workstations but HELLISH for administrators
of public labs with A/UX macintoshes..
-dave
--
Dave Falkenburg @ University of Michigan Computer Aided Engineering Network
Internet: falken at caen.engin.umich.edu UUCP: umix!caen.engin.umich.edu
More information about the Comp.unix.aux
mailing list