Path: utzoo!utgpu!watmath!clyde!att!ucbvax!bloom-beacon!mcgill-vision!mouse
From: mouse@mcgill-vision.UUCP (der Mouse)
Newsgroups: comp.unix.wizards
Subject: Re: Crackers and Worms
Message-ID: <1370@mcgill-vision.UUCP>
Date: 1 Dec 88 23:20:39 GMT
References: <1308@zippy.eecs.umich.edu>
Organization: McGill University, Montreal
Lines: 18

In article <1308@zippy.eecs.umich.edu>, cja@entebbe.eecs.umich.edu (Charles J. Antonelli) writes:
> In article Rahul Dhesi (dhesi@bsu-cs.uucp) writes:

(Is that really the Message-ID of Rahul's article? I hope not!)

>> But at's jobs to be executed are owned by daemon, so isn't being
>> daemon just a trivial step away from being root? Somebody mentioned
>> this earlier and nobody contradicted him.

> consider the statement contradicted. daemon is just another non-root
> uid.

Not "just" that. On our 4.3, at least, the at queue *is* owned by daemon. Therefore, if I can break in with uid daemon, I can queue an arbitrary at job to be run by an arbitrary user, such as root.

Now what was that again about how daemon was just another non-root uid?

der Mouse

old: mcgill-vision!mouse
new: mouse@larry.mcrcim.mcgill.edu
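An added example, not part of der Mouse's post: a POSIX shell audit for the condition the post describes, a job spool that some uid other than the one the jobs run as can write to. The function names, the trusted-uid parameter and its default of 0 are assumptions of this example; pass your own system's at or cron spool directory.

```shell
#!/bin/sh
# Added example, not from the original post. Reports who besides the
# trusted uid can write to a job spool directory or the entries in it.

# perm_findings PATH TRUSTED_UID -> prints one line per finding for PATH
perm_findings() {
    [ -L "$1" ] && return 0          # symlink modes are meaningless, skip
    info=$(ls -ldn -- "$1") || return 0
    # Numeric listing: <mode> <links> <uid> <gid> ...
    read -r mode _links uid _rest <<EOF
$info
EOF
    [ "$uid" = "$2" ] || echo "$1: owned by uid $uid, not uid $2"
    # Mode string: char 6 is group write, char 9 is other write.
    case $mode in ?????w*) echo "$1: group-writable" ;; esac
    case $mode in ????????w*) echo "$1: world-writable" ;; esac
}

# audit_spool DIR [TRUSTED_UID]
# Status: 0 = only the trusted uid can write, 1 = findings printed,
#         2 = DIR is not a directory.
audit_spool() {
    [ -d "$1" ] || return 2
    trusted=${2:-0}                  # assumption: jobs are run by uid 0
    out=$(perm_findings "$1" "$trusted"
          for f in "$1"/*; do
              if [ -e "$f" ]; then perm_findings "$f" "$trusted"; fi
          done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

A spool owned by daemon, as on the 4.3 system in the post, shows up here as an "owned by uid" finding when the trusted uid is 0.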