Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!genrad!decvax!harpo!floyd!vax135!ariel!houti!hogpc!houxm!ihnp4!ihldt!jhh From: jhh@ihldt.UUCP Newsgroups: net.unix-wizards Subject: Re: Ideas on UNIX security Message-ID: <1703@ihldt.UUCP> Date: Wed, 22-Jun-83 08:43:14 EDT Article-I.D.: ihldt.1703 Posted: Wed Jun 22 08:43:14 1983 Date-Received: Thu, 23-Jun-83 00:58:01 EDT Lines: 15 Even worse than finding setuid files in bizarre places, is modifying programs that root will use often. One approach could be to write a version of ls or l that will change the owner of a file to root, plus set the SUID bit on the file when it runs. This way, the person who broke in could re-crack security any time he pleased. Since the chown and chmod calls would only work if the files existed, the person could create the file, wait for a super-user to execute ls or l, have his way with the system, and remove the evidence when done. The hardest place to clean up would probably be the process accounting files, plus remembering to change the modification times when needed. John Haller Aside to rfs - I don't have the time or patience to do this, don't worry.