wjw@eb.ele.tue.nl (Willem Jan Withagen) (07/27/90)
YAQ(yet another question): Intro: An user on our system has discovered the /etc/killall program. My guess is that this is a leftover from a previously installed SyS5.3 env. (since I cant find it in the AA of BSD). But it's not documented in the sys5 manual. (And I dont feel like reloading the Sys5 to do so). It seems to kill all the processes of the user executing the command. (doing so as ROOT, kills all but init) Q: Is this correct? Q2: And if this is so, why does it also kill the 'service proces manager'. Thanx, Willem Jan Withagen PS: You've all noticed by now, that a little complaining has resulted in at least one effective responce. The net has now 'officially' been informed of the problem with 'exec_suid'. It was a little late, but we're getting somewhere. Eindhoven University of Technology DomainName: wjw@eb.ele.tue.nl Digital Systems Group, Room EH 10.10 BITNET: ELEBWJ@HEITUE5.BITNET P.O. 513 Tel: +31-40-473401 5600 MB Eindhoven The Netherlands
chen@digital.sps.mot.com (Jinfu Chen) (07/28/90)
In article <551@eba.eb.ele.tue.nl> wjw@eb.ele.tue.nl writes: >YAQ(yet another question): > Intro: > An user on our system has discovered the /etc/killall program. Straight from sys5.3 man page: ======================================= killall - kill all active processes SYNOPSIS /etc/killall [ signal ] DESCRIPTION killall uses /etc/shutdown to kill all active processes not directly related to the shutdown procedure. killall terminates all processes with open files so that the mounted file systems are freed and can be unmounted. killall sends signal (see kill[1]) to all processes that are not part of the above group of exclusions. If you do not specify signal, the default signal - 9 - is used. FILES /etc/shutdown SEE ALSO shutdown(1M), kill(1), ps(1) signal(2) NOTE Only a super-user can run killall. ^^^^^^^^^^ However, I could run this program as a regular user. The default permission is 555 in our system. Wonder why...
goutier@IRO.UMontreal.CA (Claude Goutier) (07/28/90)
In article <551@eba.eb.ele.tue.nl> wjw@eb.ele.tue.nl writes: >YAQ(yet another question): > An user on our system has discovered the /etc/killall program. > <...> (since I cant find it in the AA of BSD). But it's > not documented in the sys5 manual. (And I dont feel like reloading > the Sys5 to do so) It is not the first time that someone discover an undocumented program that happens to be dangerous. I suggest that every such program be considered suspect and that we ask the software provider what does those programs are doing there. Are they trapdoor ones ? Do their lawyers will provide compensationif any wrongdoing happens because of those ? Remember, they do not want to ship perl with domain/os because they fear etc. But at the same time, they provide us with undesirable nasty pests. Just say no to undocumented programs, ask for the source! -- Claude Goutier Services informatiques, Universite de Montreal C.P. 6128, Succ "A", Montreal (Quebec) goutier@jsp.umontreal.ca Canada H3C 3J7 (514) 343-5617
rees@dabo.ifs.umich.edu (Jim Rees) (07/29/90)
In article <1990Jul28.142626.28237@IRO.UMontreal.CA>, goutier@IRO.UMontreal.CA (Claude Goutier) writes: It is not the first time that someone discover an undocumented program that happens to be dangerous. I don't consider killall to be dangerous to the system, since it doesn't let you kill any process you don't own. It may be dangerous to individual users, but anyone who runs a program named "killall" without first finding out what it does deserves whatever they get. I suggest that every such program be considered suspect and that we ask the software provider what does those programs are doing there. Are they trapdoor ones ? Do their lawyers will provide compensation if any wrongdoing happens because of those ? Apollo may be occasionally incompetent but I doubt that they are malicious. When you are trying to decide whether to trust a piece of software, you need to ask yourself whether you trust its author, and adjust your trust level accordingly. See Ken Thompson's Turing award speech for an excellent discussion of this topic.
goutier@IRO.UMontreal.CA (Claude Goutier) (07/29/90)
In article <1990Jul28.204241.14946@terminator.cc.umich.edu> rees@citi.umich.edu (Jim Rees) writes: >I don't consider killall to be dangerous to the system, since it doesn't let >you kill any process you don't own. It may be dangerous to individual users, >but anyone who runs a program named "killall" without first finding out what >it does deserves whatever they get. You are right. I pick up a wrong example. Better ones could be: /etc/suid_exec ou /usr/apollo/bin/pax. Nevertheless, if /etc/killall is intended to be executed by root, then there is no reason to make it world executable. Further more, it could have been placed in /etc/sys5.../killall since it is system V proper. >Apollo may be occasionally incompetent but I doubt that they are malicious. I think the same as you. But in marketing, the important is not what is true but what the customer think about the product. How long did they take to fix the sendmail bug (trojan, trap door debug...)? Of course, it was not their program. But remember that I was making comparison between rebutal to include perl and lack of proper concern for programs they wrote or they distribute as part of UNIX(TM). Understand me well. I like Apollo and the Display Manager. But I do not like any software provider which just kill (in the marketing sense) its product by not supporting it as it deserved to. >When you are trying to decide whether to trust a piece of software, you need >to ask yourself whether you trust its author, and adjust your trust level >accordingly. See Ken Thompson's Turing award speech for an excellent >discussion of this topic. Not only the author, but the modifier/adaptor, the distributor and so on. The only practical way is to have the source code. When a problem arise, one can look and find what is going on. Or one could read the source on spare time and find problems before they actually happen. This is far more easier to do than to try to get them in the real life :-) -- Claude Goutier Services informatiques, Universite de Montreal C.P. 6128, Succ "A", Montreal (Quebec) goutier@jsp.umontreal.ca Canada H3C 3J7 (514) 343-5617
wjw@eb.ele.tue.nl (Willem Jan Withagen) (07/30/90)
>In article <1990Jul28.142626.28237@IRO.UMontreal.CA>, >goutier@IRO.UMontreal.CA (Claude Goutier) writes: > >I don't consider killall to be dangerous to the system, since it doesn't let >you kill any process you don't own. It may be dangerous to individual users, >but anyone who runs a program named "killall" without first finding out what >it does deserves whatever they get. > I agree to the above statement, BUT it does harm programs which are not owned by the user!!!!!! Running 'killall' kills the service-process-manager. It runs under the user: "user.server.none" and is aborted by killall. Now the 'spm' is not a real vital program, and it does not crash the node but it is very anoing when user complain that they can't 'crp' because somebody else killed the spm! And what about: "Can only be run by the SUPER-USER"! Since I now know that it belongs to Sys5, I'm going to delete it. (We don't run Sys5 any longer) So it solves my problem, but all those outthere running Sys5 should change the settings to something like rwx------ root wheel /etc/killall to fullfil the manual's requirement. Regards, Willem Jan Withagen Eindhoven University of Technology DomainName: wjw@eb.ele.tue.nl Digital Systems Group, Room EH 10.10 BITNET: ELEBWJ@HEITUE5.BITNET P.O. 513 Tel: +31-40-473401 5600 MB Eindhoven The Netherlands