Bugtraq mailing list archives
Re: UnixWare
From: jmm () elegant com (John Macdonald)
Date: Wed, 27 Apr 1994 14:36:47 -0400
Perry E. Metzger wrote : || || Michael Neuman says: || > || > Huh? You go ahead and belive that. Personally, I can think of all sorts || > of security flaws at the kernel level that have NOTHING to do with setuid || > programs. || || Name a couple for us then. I personally have seen only one security || hole in a kernel in the past several years -- the division bug under || older SunOS. Virtually every alert is related to a program thats || setuid root, or that is needlessly running with root privileges (like || sendmail). Well there are certainly configuration problems that can break security that do not involve setuid. General write (or even read) permissions on /dev/mem or /dev/kmem is one example. Write permission on /etc/passwd amongst many important files and directories is another. -- That is 27 years ago, or about half an eternity in | John Macdonald computer years. - Alan Tibbetts | jmm () Elegant COM
Current thread:
- Re: HP's security stance (was Re: UnixWare), (continued)
- Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
- Re: UnixWare Christopher Klaus (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare Carl Corey (Apr 27)
- Re: UnixWare der Mouse (Apr 27)
- Re: UnixWare Casper Dik (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Bonfield James (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Ron McDowell (Apr 27)
- Re: UnixWare John Macdonald (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare der Mouse (Apr 27)
- Re: UnixWare Scott Schwartz (Apr 27)
- Re: UnixWare Bennett Todd (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare (I think it's time to pick a new subject) Doug Hughes (Apr 28)
- Re: UnixWare Marc W. Mengel (Apr 29)
- Re: UnixWare Daniel R Ehrlich (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare Bennett Todd (Apr 27)