Adopey.136
net.unix-wizards
utcsrgv!utzoo!decvax!duke!unc!dopey.smb
Fri Mar  5 10:52:33 1982
Re: Great gaping security hole
To the best of my knowledge, that glitch was first described by
duke!trt and duke!jte in their paper on writing setuid programs
(it's an example of why *no* files should be generally writable).

The reason it's so serious is that it's generally applicable -- almost
any site with sophisticated terminals is vulnerable.  (Ironically, IBM
machines are among the *least* vulnerable; they use 3270 terminals,
where the transmit screen command is out of band, at least for locally-
attached ones.)  I would add one or two frills on the basic idea, but
I probably shouldn't; they help avoid detection.....

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.