Path: utzoo!attcan!uunet!cs.utexas.edu!sun-barr!rutgers!cbmvax!grr From: grr@cbmvax.UUCP (George Robbins) Newsgroups: comp.unix.ultrix Subject: Re: Tip problem With Uws2.1(vax) Keywords: Ultrix2.1 tip ports Message-ID: <7613@cbmvax.UUCP> Date: 10 Aug 89 16:15:55 GMT References: <8601@batcomputer.tn.cornell.edu> Reply-To: grr@cbmvax.UUCP (George Robbins) Distribution: na Organization: Commodore Technology, West Chester, PA Lines: 32 In article <8601@batcomputer.tn.cornell.edu> hurf@tcgould.tn.cornell.edu (Hurf Sheldon) writes: > > I installed UWS2.1 (Ultrix3.1) on a vs3200 with some dhv11's > Our 'tip' lines reported 'all ports busy' unless run from > root. I checked and rechecked the permission settings on the > tty entries, on /usr/spool/uucp and on /usr/bin/tip. After > comparing the permission level on /usr/bin/tip on another > system (UWS2.0, vsII) I saw that the 2.0 had set /usr/bin/tip > permissions [correctly?] to 4711 but the 2.1 installation had > set /usr/bin/tip 755 (which appears normal but won't allow > creation of the lock file in /usr/spool/uucp) It's... -rws--x--x 2 uucp daemon 92160 Oct 19 1988 /usr/bin/tip ...after the regular VAX 3.0 plus 3.1 installtion. > > I assume this is part of the obvious effort to plug security holes > in UWS2.1/Ultrix3.1 - just passing it on. I'll reserve judgement about right/wrong, but having it suid uucp opens the possibility more for nuisance security holes as compared to suid root. The alternative would be to have the uucp spool directory writable by anyone, with the "sticky bit" set so that only the creators of files can delete them. -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)