chip@tct.uucp (Chip Salzenberg) (02/21/91)
According to david@talgras.UUCP (David Hoopes):
>I hate C2. I hate it alot.
Then RUN, do not walk, to your nearest UUCP-capable UNIX computer, and
pick up from SCO the free support level supplement "unx257", entitled
"UNIX Security Supplement." It actually makes C2 security endurable
until that long-awaited day when we can all "rm -rf /tcb /etc/auth"
with maniacal grins reflecting from our publicly visible monitors. :-)
Among the high points:
any user can su(C) to any other user!
su(C) sets the login id!
at(C) and crontab(C) don't complain if the real and login ids don't match!
various commands make administration-without-sysadmsh easier.
And in other cool developments unrelated to C2:
su(C) and login(C) set the supplemental group vector,
so you can belong to up to sixteen groups at once!
login(C) no longer leaves the terminal database locked
once in a while.
su(C) preserves the umask.
Judging by one day of use, SCO really did a good job on this update.
Bravo, ladies and gentlemen, bravo.
First, here's the info on connecting to SCO's machine "sosco":
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
UUCP Connection information:
Machine name: sosco
Phone numbers: (408) 425-3502 (2 lines, 300-9600 baud V.32 standard)
(408) 429-1786 (9600 baud Telebit)
Login name: uusls (forth character is the letter "l" rather than numeral "1")
No password
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After setting up UUCP to sosco, pick three files using commands like
these:
uucp sosco\!~/SLS/info /some/local/dir/sosco-info
uucp sosco\!~/SLS/unx257.ltr /some/local/dir/unx257.ltr
uucp sosco\!~/SLS/unx257 /some/local/dir/unx257
The "info" file contains the connection info above, as well as
miscellanous instructions. The "unx257.ltr" file is the update cover
letter; it will explain the installation procedure and the features
and bug fixes you get when you install the update. The "unx257" file
is the image of the update floppy.
BE SURE TO READ THE COVER LETTER IN ITS ENTIRETY.
For those who wonder if it's reall worth the trouble -- it is! -- here
is the full feature list, excerpted from the cover letter.
vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
SLS unx257 includes the following features:
Enhanced crash recovery, including modifications to tcbck(ADM).
Command-line utilities, rmuser(ADM) and unretire(ADM), for removing,
retiring and unretiring users.
The utility, passwdupd(ADM), to create a user who was added to
/etc/passwd file manually.
A hushlogin feature in login(M) for suppressing copyright and other
messages during a login.
A new authck(ADM) -y flag that silently corrects any errors in the
subsystem database.
The utility, fixmog(ADM), to change the permissions of all files to match
their entries in the File Control database.
The utility, cps(ADM), for setting the permissions of individual files to
match their entries in the File Control database.
A locking utility, ale(ADM), that enables administrators to write scripts
that update the Authentication database.
The utility, ttyupd(ADM), that updates the Terminal Control database to
match /etc/inittab.
The utility, asroot(ADM) that allows an authorized user to run a defined
set of commands as superuser without the root password.
New semantics of PASSLENGTH in /etc/default/passwd that represent the
absolute minimum password length to be enforced by passwd(C).
Modifications to su(C)
- Instead of allowing a user to su to root only, users can su
to any account if they have the account password.
- The system can be configured to a C1 level of security so that
su transitions also transfer the authorizations of the account.
(III) Other Improvements and Additions
SLS unx257 also includes the following improvements and additions.
Note: Unless otherwise stated the problems described below are present
in all the software environments specified earlier.
addxusers(ADM)
- Now handles a relative pathname for the name of the input file.
- Allows the passwords of newly added accounts to be changed if they
did not have aging information.
authck(ADM)
- Increased robustness to repair additional errors in the subsystem
database files.
lpadmin(ADM)
- Creates /usr/spool/lp/admins/lp/printer/<printername> with the
correct permissions of 770, owner=lp, group=lp (previous versions
of lpadmin created these directories with various incorrect
permissions).
- Can now be used by a user with the lp authorization.
(This problem is not present in SCO UNIX System V/386 Release 3.2
Operating System Version 2.0.)
lpfilter(ADM) & lpforms(ADM)
- Can now be used by a user with the lp authorization.
(This problem is not present in SCO UNIX System V/386 Release 3.2
Operating System Version 2.0.)
sulogin(ADM)
- The LUID is now set under all circumstances.
- The gid is set to root's group as specified in /etc/passwd.
sysadmsh(ADM)
- The useshell helper program used by sysadmsh now displays
descriptive error messages.
at(C)
- No longer displays error messages when used from an su session.
chmod(C)
- Displays more accurate error messages.
- Error checking done consistently across all combinations of
command line arguments.
crontab(C)
- No longer displays error messages when used from an su session.
- No longer core dumps when an account name for the -u flag is
longer than 5 characters.
- When the -u and -r flags are used to remove an account's crontab
file, the cron jobs for that account are immediately stopped.
(This problem is only present in SCO UNIX System V/386 Release 3.2
Operating System Version 2.0.)
- The File Control database is used to obtain the correct permissions
of crontab files rather than using hardcoded values.
login(C)
- Does not produce the 'cannot access Terminal Control database'
message when a large number of concurrent logins take place.
- The override shell spawned in emergencies now has its LUID set.
- All combinations of null passwords and PASSREQ work as documented.
- Use of an invalid username is now audited as <bad>.
passwd(C)
- Lockfiles are no longer left behind when setting a dial-up password.
su(C)
- No longer makes two entries in the sulog file each time it is used.
umask(C) preservation
- auths(C), su(C), newgrp(C), and at(C) now use the current value
of the user's umask rather than setting it to 077.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
Chip Salzenberg at Teltronics/TCT <chip@tct.uucp>, <uunet!pdn!tct!chip>
"It's not a security hole, it's a SECURITY ABYSS." -- Christoph Splittgerber
(with reference to the upage bug in Interactive UNIX and Everex ESIX)david@talgras.UUCP (David Hoopes) (02/22/91)
In article <27C2B073.352C@tct.uucp> chip@tct.uucp (Chip Salzenberg) writes: >According to david@talgras.UUCP (David Hoopes): >>I hate C2. I hate it alot. > >Then RUN, do not walk, to your nearest UUCP-capable UNIX computer, and >pick up from SCO the free support level supplement "unx257", entitled >"UNIX Security Supplement." It actually makes C2 security endurable >until that long-awaited day when we can all "rm -rf /tcb /etc/auth" >with maniacal grins reflecting from our publicly visible monitors. :-) > I already have it and I still hate C2. -- --------------------------------------------------------------------- David Hoopes Tallgras Technologies Inc. uunet!talgras!david 11100 W 82nd St. Voice: (913) 492-6002 x323 Lenexa, Ks 66214