revc@gwsd.UUCP (Bob Van Cleef) (07/30/85)
There appears to be a lack of concern about security in the current
implementation of the pc7300 User Agent.

    If you are a "EXPERT USER" as defined by the User Agent,
    you can add and delete users, cancel print jobs, and
    basically have a good time. Any "EXPERT USER" has full
    access to all of the system administrative functions.

You can control this to a certain extent by defining an account to
be a non-expert, but a NON-EXPERT CAN REDEFINE THEMSELVES TO BE
AN EXPERT!!!

Also, you cannot isolate authority to access Unix (which has all of
the normal security features) from having access to system administration,
which has NO security. If you are concerned about the destructive
effects of a non-expert user that likes to "try things" then you
must not allow them access to the User Agent at all!

Comments?
---------

Note: You can login as root from all ports, including the modem.
--
Bob Van Cleef
...sdcsvax!gwsd!revc
Gateway Computer Systems
(619) 457-2701
4980 Carroll Canyon Road
San Diego, CA 92121
rrt@duke.UUCP (Russell R. Tuck) (08/02/85)
In article <141@gwsd.UUCP> revc@gwsd.UUCP (Bob Van Cleef) writes:
>There appears to be a lack of concern about security in the current
>implementation of the pc7300 User Agent. ...
>............... If you are concerned about the destructive
>effects of a non-expert user that likes to "try things" then you
>must not allow them access to the User Agent at all!
>
>Comments?

You can take away many of the User Agent's powers (and some features, too),
by changing permissions on the file /usr/lib/ua/uasetx so that it is NOT
set user id (SETUID bit turned off). The system is distributed with this
bit turned on. The UA apparently uses this program to give itself root
privileges.

Russ Tuck
Duke University Computer Science Department
{ihnp4,decvax}!duke!rrt
kad@ttrdc.UUCP (Keith Drescher) (08/02/85)
In article <141@gwsd.UUCP> revc@gwsd.UUCP (Bob Van Cleef) writes:
>There appears to be a lack of concern about security in the current
>implementation of the pc7300 User Agent.
>
>    If you are a "EXPERT USER" as defined by the User Agent,
>    you can add and delete users, cancel print jobs, and
>    basically have a good time. Any "EXPERT USER" has full
>    access to all of the system administrative functions.
>
>You can control this to a certain extent by defining an account to
>be a non-expert, but a NON-EXPERT CAN REDEFINE THEMSELVES TO BE
>AN EXPERT!!!
>
>Also, you cannot isolate authority to access Unix (which has all of
>the normal security features) from having access to system administration,
>which has NO security. If you are concerned about the destructive
>effects of a non-expert user that likes to "try things" then you
>must not allow them access to the User Agent at all!
>
>Comments?
>---------

You can keep users from accessing UNIX System via the User Agent (ua)
by editing /usr/lib/ua/Office. Simply comment out the line with
UNIX System and the few lines following it (Default = , Open =, etc)
by placing #'s in front of them. This keeps anyone from accessing
UNIX from ua by removing UNIX System from the Office menu.

Note: if you so wish, (and I doubt it) you can change whatever option
is currently on Open (Open=EXEC -?.... to Open=EXEC -dp ....)
this opens a UNIX shell with root permissions, # prompt and
everything. How's that for lack of security?

>Note: You can login as root from all ports, including the modem.
>--

Our PC will sometimes allow you to login as root from the modem, and
sometimes responds "illegal login" or some such nonsense when you enter
"root" in response to "Please Login" it's really flakey about it.

Keith Drescher, AT&T Computer Systems Division, Skokie, IL.
--
-------------------------------------------------------------------------
Keith Drescher (kad@ttrdc)  |  ... You can check out any
                            |  time you like - but you can
PATH: ...!ihnp4!ttrdc!kad   |  never leave ...
-------------------------------------------------------------------------
gritz@homxa.UUCP (R.SHARPLES) (08/02/85)
Pounding out the UNIX System entry in the Office window will not help
keep people out of UNIX. It is possible from any window to type "!sh<cr>"
and get into UNIX, expert user or not.

The only way to create real security in the system is to LOCK EVERYTHING!
Put passwords on all logins (including tutor and install and root), Set
the main directories at 775 or 755 at the very least (by main I mean /,
/etc, /bin, /usr, etc.) and set the ownership and groups very carefully.
I checked to see what the protections are on one of our public UNIX
systems here at Holmdel and used them as a starting point. And remember
to set umask at 022 or so.

Russ Sharples
homxa!gritz
soon to be at ho-rps!rps
gwyn@brl-tgr.ARPA (Doug Gwyn <gwyn>) (08/04/85)
People here tend to think in terms of Cray-2s, so I don't have access to any UNIX PC to find out: Is the "user agent" worth having? There have been reports that it's a real CPU burner..
rrt@duke.UUCP (Russell R. Tuck) (08/05/85)
In article <316@ttrdc.UUCP> kad@ttrdc.UUCP (Keith Drescher) writes:
>You can keep users from accessing UNIX System via the User Agent (ua)
>by editing /usr/lib/ua/Office. Simply comment out the line with
>UNIX System and the few lines following it (Default = , Open =, etc)
>by placing #'s in front of them. This keeps anyone from accessing
>UNIX from ua by removing UNIX System from the Office menu.

No, they can put it back into their Office menu by putting a file called
Office in their home directory with the following lines:

    Name=UNIX window
    Default = Run
    Run=EXEC -w $SHELL

All menu items in this file are added to the Office window, replacing any
identically-named items. (They can get to the shell the first time with
"!sh", as noted in another article.)

>Note: if you so wish, (and I doubt it) you can change whatever option
>is currently on Open (Open=EXEC -?.... to Open=EXEC -dp ....)
>this opens a UNIX shell with root permissions, # prompt and
>everything. How's that for lack of security?

It's worse than that! Any user can do this to their own Office file, with
the same effect. Thus, the following lines in a user's home directory Office
file will put a root shell menu item in the Office window:

    Name=Root Shell
    Default = Run
    Run=EXEC -pd $SHELL

This is documented on page 6 of the UA(4) manual entry.

I discussed this with someone on the AT&T Support Hotline. He was unaware
of this particular "feature" (sic) (ie, bug) of the User Agent, but said
that the next release ("in the fourth quarter") is supposed to have much
improved security. Let's hope so!

Russ Tuck
Duke University Computer Science Department
rrt@duke
acy@milo.UUCP (Adnan Yaqub) (08/20/85)
> >Note: if you so wish, (and I doubt it) you can change whatever option
> >is currently on Open (Open=EXEC -?.... to Open=EXEC -dp ....)
> >this opens a UNIX shell with root permissions, # prompt and
> >everything. How's that for lack of security?
>
> It's worse than that! Any user can do this to their own Office file, with
> the same effect. Thus, the following lines in a user's home directory Office
> file will put a root shell menu item in the Office window:
>     Name=Root Shell
>     Default = Run
>     Run=EXEC -pd $SHELL
> This is documented on page 6 of the UA(4) manual entry.

I think it is possible to overcome some of the security problems by
removing the set user id bit on $UA/uasetx and $UA/uasig. It seems to
protect things nicely. The user agent does not handle the protection
errors very well but it doesn't seem to do anything too bad and besides,
if you don't have the necessary privileges then you shouldn't be trying
it, right?

Thanks Clive.
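An audit for the two conditions discussed in this thread: the set-user-id bit on uasetx and uasig, and active Office entries that invoke EXEC with a p option. This is an added example, not part of any post; the directory arguments and the rule that any EXEC option containing p counts as privileged (inferred from the -dp and -pd entries quoted above) are assumptions.

```shell
#!/bin/sh
# Added example: audit for the User Agent weaknesses described in this thread.
# uasetx, uasig and the Office entry syntax come from the posts. Treating any
# EXEC option containing "p" as privileged is an assumption drawn from the
# -dp / -pd entries quoted above; the directory arguments are placeholders.

# True if FILE exists with the set-user-id bit on.
has_setuid() {
    [ -u "$1" ]
}

# Print "file:line: entry" for each active Office entry whose EXEC options
# include p. Commented-out lines are skipped, and only the options directly
# after EXEC are examined, not the arguments of the command being run.
privileged_entries() {
    awk '
        /^[ \t]*#/ { next }
        /[=][ \t]*EXEC[ \t]/ {
            rest = $0
            sub(/^.*[=][ \t]*EXEC[ \t]+/, "", rest)
            n = split(rest, opt, /[ \t]+/)
            for (i = 1; i <= n && opt[i] ~ /^-/; i++)
                if (opt[i] ~ /p/) { print FILENAME ":" FNR ": " $0; break }
        }
    ' "$@"
}

# audit_ua UA_DIR HOME_PARENT
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_ua() {
    ua_dir=$1 home_parent=$2 found=0
    for helper in uasetx uasig; do
        if has_setuid "$ua_dir/$helper"; then
            echo "SETUID $ua_dir/$helper"
            found=1
        fi
    done
    for office in "$ua_dir/Office" "$home_parent"/*/Office; do
        [ -f "$office" ] || continue
        hits=$(privileged_entries "$office")
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/PRIVEXEC /'
            found=1
        fi
    done
    return "$found"
}

# Run only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then audit_ua "$1" "$2"; fi
```

A clean result only means neither condition is present right now; as the posts note, a user can recreate a home-directory Office file at any time, so the setuid check is the one that matters most.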