at files and permissions
Rahul Dhesi
dhesi at bsu-cs.bsu.edu
Thu Jul 6 01:39:33 AEST 1989
In article <669 at lzaz.ATT.COM> hutch at lzaz.ATT.COM (R.HUTCHISON) writes:
>If I wanted to be sneaky (and if "at" wasn't very smart), I could submit
>a "nasty" at job, go to the spool directory, and change the file's owner
>id to a target login and "at" would do the nasty to that login.
The above problem does not occur in BSD, because BSD allows only root
to change file ownership.
When you discuss a security problem that is specific to System V,
please be sure to say so clearly, else you may confuse naive users.
--
Rahul Dhesi <dhesi at bsu-cs.bsu.edu>
UUCP: ...!{iuvax,pur-ee}!bsu-cs!dhesi
More information about the Comp.unix.wizards
mailing list