[net.bugs.v7] Possible at

wapd@houxj.UUCP (06/01/83)

	This is only one of many ways in which AT(1) can cause
security breaches.  Set up properly, AT is fully secure (at least
on BTL systems running equivalents of System III and IV).

	However, there are many ways for administrators to make
mistakes that cause a security breach.  If the AT spool directory
is writable, you can create dummy files owned by various users
and anything can happen.  If files in the directory are writable,
you can change the commands in them and break security.  If the
directory above the spool directory is writable, you can remove the
entire spool directory and make your own.  And so on ...

					Bill Dietrich
					houxj!wapd