hanche@imf.unit.no (Harald Hanche-Olsen) (05/08/90)
Debugging across the network is a wonderful thing for many of our users, who use dde to debug code on our (display-less) DN10000 from a DN3500 workstation (using dde -on //othernode command ...).

HOWEVER, this starts up /sys/debug/tgt/apollo/dbgk_prism AND the program under debugging WITH ROOT PRIVILEGES on the remote node!!!!!!!

I am appalled. And flabbergasted. PLEASE, someone tell me there is some neat trick I can do to stop this from happening. Or will I need to disable across-the-network debugging, in the name of security?

- Harald Hanche-Olsen <hanche@imf.unit.no>
  Division of Mathematical Sciences
  The Norwegian Institute of Technology
hanche@imf.unit.no (Harald Hanche-Olsen) (05/08/90)
Oh, I forgot - we are running SR10.2 on all nodes now. bsd4.3 environment if that is relevant.

- Harald
hanche@imf.unit.no (Harald Hanche-Olsen) (05/09/90)
It's a good thing the color of my face cannot be seen on the network. Here I go, saying dde is a security risk, when all it was was the suid bit on the crp program that had been hit, either by a cosmic ray or by a cracker. I hope the former is the case, but fear the latter...

Many thanks to Erica Dorenkamp at HP/apollo, who wrote to me, explaining that what happened could not possibly happen, because all dde does is to run crp ... which together with the suid bit of course explains it all, and the rest is history.

I guess I should apologise to all you systems administrators out there, who must have been trying to duplicate my result to no avail, no doubt wasting valuable time in the process. On the other hand, if only one of you had written to me, explaining you did not get this result, I might have figured it out sooner and spared the rest of you the trouble.

Someone might or might not want to comment on the appropriateness of coming out with this kind of early information when you think you have found a gaping security hole... If so, please, send the flames to /dev/null.

- Harald Hanche-Olsen <hanche@imf.unit.no>
  Division of Mathematical Sciences
  The Norwegian Institute of Technology
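
The root cause in this thread was a set-uid bit that had appeared on a program that should not have had one. The following is an added example, not part of the original posts: a baseline check that reports set-uid or set-gid files missing from an approved list. The function names, the approved-list format (one path per line) and the demo tree, including its file named crp, are constructed for illustration.

```shell
#!/bin/sh
# Added example: report set-uid / set-gid files that are not on an approved list.

# suid_scan DIR: print, sorted, every regular file under DIR that has the
# set-uid or set-gid bit, without crossing onto other filesystems.
suid_scan() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# suid_drift BASELINE DIR: print paths that are set-uid/set-gid under DIR
# but absent from BASELINE (one approved path per line).
suid_drift() {
    approved=$(mktemp) || return 2
    current=$(mktemp) || return 2
    LC_ALL=C sort -u "$1" > "$approved"
    suid_scan "$2" > "$current"
    # comm -13 keeps lines that appear only in the second (current) file.
    LC_ALL=C comm -13 "$approved" "$current"
    rm -f "$approved" "$current"
}

# demo: constructed tree in a temp directory. Two files carry the set-uid
# bit, only one of them is approved, so the other is reported.
demo() {
    d=$(mktemp -d) || return 2
    touch "$d/crp" "$d/passwd" "$d/ls"
    chmod 4755 "$d/crp" "$d/passwd"
    chmod 0755 "$d/ls"
    printf '%s\n' "$d/passwd" > "$d/approved.txt"
    suid_drift "$d/approved.txt" "$d"
    rm -rf "$d"
}

# With a baseline file and a directory as arguments, check that tree;
# otherwise run the constructed demo.
if [ -f "${1:-}" ] && [ -d "${2:-}" ]; then
    suid_drift "$1" "$2"
else
    demo
fi
```

Run from cron against the system directories, any output is a file whose privilege bits changed since the list was approved.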