[comp.unix.sysv386] "asroot" command

fitz@wang.com (Tom Fitzgerald) (02/28/91)

paulz@sco.COM (W. Paul Zola) writes:
> The supplement name is "The SCO UNIX System V/386 Release 3.2 Security
> Supplement", and the SLS number is unx257.  This SLS is available
> for anonymous UUCP via sosco, and through the usual support channels.

[...]

>   The utility, asroot(ADM) that allows an authorized user to run a defined 
>   set of commands as superuser without the root password. 

One warning to people who install this thing - commands like "asroot" (and
"sudo", a PD version of the same thing) are substantial security holes.
Personally I've had great luck penetrating root on any system where these
tools are installed.  Not because they're holes themselves, but because
user accounts are usually much easier to break into than the root account,
and these tools give you a free ride from the user's account into root.

"rm asroot" is strongly recommended.

---
Tom Fitzgerald   Wang Labs        fitz@wang.com
1-508-967-5278   Lowell MA, USA   ...!uunet!wang!fitz

allbery@NCoast.ORG (Brandon S. Allbery KB8JRR) (03/03/91)

As quoted from <b1ii3e.4n3@wang.com> by fitz@wang.com (Tom Fitzgerald):
+---------------
| paulz@sco.COM (W. Paul Zola) writes:
| >   The utility, asroot(ADM) that allows an authorized user to run a defined 
| >   set of commands as superuser without the root password. 
| 
| One warning to people who install this thing - commands like "asroot" (and
| "sudo", a PD version of the same thing) are substantial security holes.
+---------------

Yes.  I plan to wipe it off our systems after installing the update, just as I
successfully campaigned to remove a similar command (homegrown) from ncoast.
I can't justify its use against the security risk.

There are more security holes in su, though (even in SCO UNIX) --- or, should
I say, they aren't actually in su per se but can use su to be activated.  The
technique uses su -c, although under BSD one could use TIOCSTI to do it as
well.  The only fix for this is to run su always with an explicit pathname,
preferably after moving it from /bin to somewhere else --- because the only
other "fix" would completely gut the shell.

++Brandon
-- 
Me: Brandon S. Allbery			    VHF/UHF: KB8JRR on 220, 2m, 440
Internet: allbery@NCoast.ORG		    Packet: KB8JRR @ WA8BXN
America OnLine: KB8JRR			    AMPR: KB8JRR.AmPR.ORG [44.70.4.88]
uunet!usenet.ins.cwru.edu!ncoast!allbery    Delphi: ALLBERY
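A defender-side check for the fix Brandon describes (always run su by explicit pathname), added here and not part of the thread: it walks a PATH value in search order and reports any executable named su that would be found before the directory holding the real binary. The canonical path, the temporary-directory demo and its file names are constructed assumptions, not anything from the posts.

```shell
#!/bin/sh
# Added example, not from the thread: audit a PATH value for executables
# that would shadow the real su when it is typed without a pathname.

# shadowed_in_path NAME CANONICAL PATHVALUE
# Echoes every PATHVALUE directory, in search order, holding an executable
# NAME before the directory of CANONICAL is reached.  Returns 0 when
# nothing shadows, 1 when at least one entry does.
shadowed_in_path() {
    name=$1 canonical=$2 pathvalue=$3
    canon_dir=$(dirname "$canonical")
    found=0
    # A trailing ':' also means the current directory; make it explicit.
    case $pathvalue in *:) pathvalue="$pathvalue." ;; esac
    # Split on ':' without globbing; empty elements mean the current dir.
    old_ifs=$IFS; IFS=:; set -f
    set -- $pathvalue
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        [ -z "$dir" ] && dir=.
        [ "$dir" = "$canon_dir" ] && break
        # Only regular executable files count; a directory named su does not.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            echo "shadowing $name: $dir/$name"
            found=1
        fi
    done
    return $found
}

# Constructed demo (assumed layout): a user-writable directory early in
# PATH holding an empty executable named "su" shadows the "real" one
# further down.  Nothing here touches the system's actual su.
demo_su_shadowing() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/real" "$tmp/userbin"
    : > "$tmp/real/su";    chmod 755 "$tmp/real/su"
    : > "$tmp/userbin/su"; chmod 755 "$tmp/userbin/su"
    shadowed_in_path su "$tmp/real/su" "$tmp/userbin:$tmp/real"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

if demo_su_shadowing; then
    echo "no shadowing entries"
else
    echo "PATH audit failed; invoke su by explicit pathname"
fi
```

On a live system the same check is `shadowed_in_path su /bin/su "$PATH"` (or whatever directory su was moved to, as the post suggests).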