wapd@houxj.UUCP (06/01/83)
This is only one of many ways in which AT(1) can cause security breaches. Set up properly, AT is fully secure (at least on BTL systems running equivalents of System III and IV). However, there are many ways for administrators to make mistakes that cause a security breach. If the AT spool directory is writable, you can create dummy files owned by various users and anything can happen. If files in the directory are writable, you can change the commands in them and break security. If the directory above the spool directory is writable, you can remove the entire spool directory and make your own. And so on ... Bill Dietrich houxj!wapd