Security & COPS

Mike Iglesias iglesias at orion.oac.uci.edu
Sat Sep 15 01:27:02 AEST 1990


In article <11883 at crdgw1.crd.ge.com> vanpelt at crd.ge.com (wayne e vanpelt) writes:
>Recently one of my coworkers attended a Usenix Conference on Security.
>He brought back with him COPS, a script that will indicate various
>weaknesses existing on a particular system. When executed on our vax
>3500 running ultrix 3.2 it indicated that /dev/kmem and /dev/mem were
>world readable. When this permission was removed, various programs broke
>(ps, uptime, and w I know about and adjusted). It appeared to cause some
>mail to bounce but I'm not sure if that was a result of the change.
>
>Does anyone have a list of the programs that come with ultrix that need
>permission to read /dev/kmem? (Please respond via e-mail to
>'vanpelt at crd.ge.com' as I do not regularly read this news group).

I recently did this on my DECstation 3100 running Ultrix 3.1.  I used
group 6 as kmem, since that's what our Ultrix v4.0 system uses (DEC
has fixed this for you in v4.0).  All these programs need to be
chgrp'd to kmem and chmod'd to 2755 (or 6755 if it's setuid root). 

Here's the list of programs that needed fixing:

/bin/ps
/dev/kmem
/dev/mem
/usr/etc/pstat
/usr/etc/arp
/usr/etc/nfsstat
/usr/bin/iostat
/usr/bin/ipcs
/usr/bin/mail
/usr/ucb/netstat
/usr/ucb/uptime
/usr/ucb/vmstat
/usr/ucb/w


Mike Iglesias
University of California, Irvine
Internet:    iglesias at orion.oac.uci.edu
BITNET:      iglesias at uci
uucp:        ...!ucbvax!ucivax!iglesias
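
One way to audit the end state described in the message above, as an added example that is not part of the original post: it checks each listed path for group ownership, the setgid bit on the programs, and the absence of world read on the two memory devices. The function names, the ROOT and GROUP parameters, and the extra world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the kmem-group layout.
# ROOT lets the check run against a staging tree; GROUP may be a name or a
# numeric gid (the post uses group 6). Both parameters are this example's own.

DEVICES="/dev/kmem /dev/mem"
PROGRAMS="/bin/ps /usr/etc/pstat /usr/etc/arp /usr/etc/nfsstat
/usr/bin/iostat /usr/bin/ipcs /usr/bin/mail /usr/ucb/netstat
/usr/ucb/uptime /usr/ucb/vmstat /usr/ucb/w"

# has FILE TEST...: true if FILE itself matches the given find(1) tests.
has() {
    target=$1; shift
    [ -n "$(find "$target" -prune "$@" -print 2>/dev/null)" ]
}

# audit_kmem ROOT GROUP: print one finding per line, return 1 if any.
audit_kmem() {
    root=${1%/} group=$2 bad=0
    for p in $DEVICES $PROGRAMS; do
        f=$root$p
        if [ ! -e "$f" ]; then
            echo "MISSING $p"; bad=1; continue
        fi
        has "$f" -group "$group" || { echo "GROUP $p: not group $group"; bad=1; }
        case " $DEVICES " in
        *" $p "*)
            # Memory devices: the COPS finding was world readability.
            if has "$f" -perm -0004; then echo "MODE $p: world readable"; bad=1; fi ;;
        *)
            # Readers of kernel memory: setgid required (2755 and 6755 both pass).
            has "$f" -perm -2000 || { echo "MODE $p: setgid bit not set"; bad=1; }
            if has "$f" -perm -0002; then echo "MODE $p: world writable"; bad=1; fi ;;
        esac
    done
    return "$bad"
}

# Run only when called as: script ROOT GROUP  (for example: / kmem)
if [ "$#" -eq 2 ]; then audit_kmem "$1" "$2"; fi
```

A clean run prints nothing and exits 0; each finding names the path and which of the three conditions failed.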



More information about the Comp.unix.ultrix mailing list