- Newsgroups: comp.security.misc
- Path: sparky!uunet!ossi!dag
- From: dag@ossi.com (Darren Alex Griffiths)
- Subject: Re: root-owned world-writable files
- Message-ID: <dag.712014850@ossi.com>
- Sender: news@ossi.com (OSSI Newsstand)
- Nntp-Posting-Host: nasty
- Organization: Open Systems Solutions Inc.
- References: <1992Jul23.114717.29349@jarvis.csri.toronto.edu> <1992Jul23.214456.17288@aston.ac.uk>
- Date: Fri, 24 Jul 1992 21:54:10 GMT
- Lines: 29
-
- evansmp@uhura.aston.ac.uk (Mark Evans) writes:
-
- >This sounds like the same sort of philosophy used in VAX/VMS if it can't find
- >SYS$UAF (the equivalent of /etc/password)
- >It gives you all privs.
- >I think the assumption (on the part of the OS) is that the file system
- >is trashed and you need the privs to fix it.
- >(though I have a feeling that VMS will only allow a console login in
- >that situation)
-
- That's correct. If the authorization file disappears then you can go to
- the console and get full access, but you can't log in from any other
- terminal. Requiring physical access to the console in this situation is
- not a security hole IMHO, it is similar to bringing the system up in
- single-user mode with Unix, although some Unix systems require a password
- for this. With VMS you can also boot the system with an alternate boot
- file, and then specify the console device as that file, which gives similar
- results to bringing up a Unix system in single-user mode.
-
-
- --dag
- _______________________________________________________________________________
- Darren Alex Griffiths | dag@nasty.ossi.com
- Open Systems Solutions, Inc | (510) 652-6200 x139
- Fujitsu | Fax: (510) 652-5532
- 6121 Hollis Street | Berkeley is famous for two exports
- Emeryville, CA 94608-2092 | LSD and unix, this isn't a coincidence.
- _______________________________________________________________________________
-
-