at files and permissions

Rahul Dhesi dhesi at bsu-cs.bsu.edu
Thu Jul 6 01:39:33 AEST 1989


In article <669 at lzaz.ATT.COM> hutch at lzaz.ATT.COM (R.HUTCHISON) writes:
>If I wanted to be sneaky (and if "at" wasn't very smart), I could submit 
>a "nasty" at job, go to the spool directory, and change the file's owner 
>id to a target login and "at" would do the nasty to that login.  

The above problem does not occur in BSD, because BSD allows only root
to change file ownership.

When you discuss a security problem that is specific to System V,
please be sure to say so clearly, else you may confuse naive users.
-- 
Rahul Dhesi <dhesi at bsu-cs.bsu.edu>
UUCP:    ...!{iuvax,pur-ee}!bsu-cs!dhesi



More information about the Comp.unix.questions mailing list