vanpelt@crd.ge.com (wayne e vanpelt) (09/14/90)
Recently one of my coworkers attended a Usenix Conveference on Security. He brought back with him COPS, a script that will indicate various weeknesses existing on a particular system. When executed on our vax 3500 running ultrix 3.2 it indicated that /dev/kmem and /dev/mem were world readable. When this permission was removed, various programs broke (ps, uptime, and w I know about and adjusted). It appeared to cause some mail to bounce but I'm not sure if that was a result of the change. Does anyone have a list of the programs that come with ultrix that need permission to read /dev/kmem? (Please respond via e-mail to 'vanpelt@crd.ge.com' as I do not regularly read this news group). Thanks, Wayne
iglesias@orion.oac.uci.edu (Mike Iglesias) (09/14/90)
In article <11883@crdgw1.crd.ge.com> vanpelt@crd.ge.com (wayne e vanpelt) writes: >Recently one of my coworkers attended a Usenix Conveference on Security. >He brought back with him COPS, a script that will indicate various >weeknesses existing on a particular system. When executed on our vax >3500 running ultrix 3.2 it indicated that /dev/kmem and /dev/mem were >world readable. When this permission was removed, various programs broke >(ps, uptime, and w I know about and adjusted). It appeared to cause some >mail to bounce but I'm not sure if that was a result of the change. > >Does anyone have a list of the programs that come with ultrix that need >permission to read /dev/kmem? (Please respond via e-mail to >'vanpelt@crd.ge.com' as I do not regularly read this news group). I recently did this on my DECstation 3100 running Ultrix 3.1. I used group 6 as kmem, since that's what our Ultrix v4.0 system uses (DEC has fixed this for you in v4.0). All these programs need to be chgrp'd to kmem and chmod'd to 2755 (or 6755 if it's setuid root). Here's the list of programs that needed fixing: /bin/ps /dev/kmem /dev/mem /usr/etc/pstat /usr/etc/arp /usr/etc/nfsstat /usr/bin/iostat /usr/bin/ipcs /usr/bin/mail /usr/ucb/netstat /usr/ucb/uptime /usr/ucb/vmstat /usr/ucb/w Mike Iglesias University of California, Irvine Internet: iglesias@orion.oac.uci.edu BITNET: iglesias@uci uucp: ...!ucbvax!ucivax!iglesias
pavlov@canisius.UUCP (Greg Pavlov) (09/17/90)
We are about to undertake what is for us a major acquisition of 3rd party
disks - apx. 15 for four DECsystem 5000's. I would very very mucappreciate
letters, recommendations, etc, from anyone who has done so already. We have
successfully used 3rd party disks in the past - on uVAXen and DEC 3100's -
but we would very much like to hear of definitive experiences of what works/
doesn't work/is a major hassle to configure on DEC 5000's.
many thanks, greg pavlov, fstrf, amherst, ny