Bugtraq mailing list archives
Re: UnixWare
From: jmm () elegant com (John Macdonald)
Date: Wed, 27 Apr 1994 14:36:47 -0400
Perry E. Metzger wrote :
||
|| Michael Neuman says:
|| >
|| > Huh? You go ahead and belive that. Personally, I can think of all sorts
|| > of security flaws at the kernel level that have NOTHING to do with setuid
|| > programs.
||
|| Name a couple for us then. I personally have seen only one security
|| hole in a kernel in the past several years -- the division bug under
|| older SunOS. Virtually every alert is related to a program thats
|| setuid root, or that is needlessly running with root privileges (like
|| sendmail).
Well there are certainly configuration problems that can
break security that do not involve setuid. General write
(or even read) permissions on /dev/mem or /dev/kmem is
one example. Write permission on /etc/passwd amongst many
important files and directories is another.
--
That is 27 years ago, or about half an eternity in | John Macdonald
computer years. - Alan Tibbetts | jmm () Elegant COM
Current thread:
- Re: HP's security stance (was Re: UnixWare), (continued)
- Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
- Re: UnixWare Christopher Klaus (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare Carl Corey (Apr 27)
- Re: UnixWare der Mouse (Apr 27)
- Re: UnixWare Casper Dik (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Bonfield James (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Ron McDowell (Apr 27)
- Re: UnixWare John Macdonald (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare der Mouse (Apr 27)
- Re: UnixWare Scott Schwartz (Apr 27)
- Re: UnixWare Bennett Todd (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare (I think it's time to pick a new subject) Doug Hughes (Apr 28)
- Re: UnixWare Marc W. Mengel (Apr 29)
- Re: UnixWare Daniel R Ehrlich (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare Bennett Todd (Apr 27)