Bugtraq mailing list archives
Re: UnixWare
From: perry () snark imsi com (Perry E. Metzger)
Date: Wed, 27 Apr 1994 15:17:35 -0400
John Macdonald says:
Well there are certainly configuration problems that can break security that do not involve setuid. General write (or even read) permissions on /dev/mem or /dev/kmem is one example. Write permission on /etc/passwd amongst many important files and directories is another.
Certainly that is the case. No one doubted it. I in fact explicitly mentioned such cases in my initial message. The original question was "how do I make my public access unix system secure"? I stated that security bugs could be traced 99% of the time to -- Bad file permissions -- Improperly allowing access to devices or files like utmp or wtmp -- SUID programs or programs running unnecessarily as root Remove these problems, which you can do more or less mechanically, from your public access unix system and its unlikely that anyone can hack it any more. With that, I'm laying this thread to rest. Perry
Current thread:
- Re: UnixWare, (continued)
- Re: UnixWare Christopher Klaus (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare Carl Corey (Apr 27)
- Re: UnixWare der Mouse (Apr 27)
- Re: UnixWare Casper Dik (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Bonfield James (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Ron McDowell (Apr 27)
- Re: UnixWare John Macdonald (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare der Mouse (Apr 27)
- Re: UnixWare Scott Schwartz (Apr 27)
- Re: UnixWare Bennett Todd (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare (I think it's time to pick a new subject) Doug Hughes (Apr 28)
- Re: UnixWare Marc W. Mengel (Apr 29)
- Re: UnixWare Daniel R Ehrlich (Apr 28)
- Re: UnixWare Perry E. Metzger (Apr 28)
- Re: UnixWare Bennett Todd (Apr 27)