eric@mks.com (Eric Gisin) (11/10/90)
Having no password on the "powerdown" userid in Interactive UNIX is a major
but non-obvious security risk. Make sure it has the root password.

If you want a more secure password-less powerdown userid
and you have Interactive 2.2, you can change the shell for powerdown
to /usr/admin/powerdown and add the following lines to the top of
the /usr/admin/powerdown shell script:

	#! /bin/sh
	PATH=/bin:/usr/bin:/usr/lbin
	export PATH
cpcahil@virtech.uucp (Conor P. Cahill) (11/10/90)
In article <1990Nov9.212510.9086@mks.com> eric@mks.com (Eric Gisin) writes:
>If you want a more secure password-less powerdown userid
>and you have Interactive 2.2, you can change the shell for powerdown
>to /usr/admin/powerdown and add the following lines to the top of
>the /usr/admin/powerdown shell script:

NEVER NEVER NEVER have a root account without a password. There are too
many chances for it to be exploited. Look at what could happen:

	cpcahil(virtech,61): id
	uid=100(cpcahil) gid=7(opadmin)
	cpcahil(virtech,63): su powerdown
	# id
	uid=0(root) gid=0(root)

-- 
Conor P. Cahill            (703)430-9247        Virtual Technologies, Inc.,
uunet!virtech!cpcahil      46030 Manekin Plaza, Suite 160   Sterling, VA 22170
eric@femto.mks.com (Eric Gisin) (11/13/90)
In article <1990Nov10.132459.10900@virtech.uucp> cpcahil@virtech.uucp (Conor P. Cahill) writes:
>In article <1990Nov9.212510.9086@mks.com> eric@mks.com (Eric Gisin) writes:
>>If you want a more secure password-less powerdown userid
>>and you have Interactive 2.2, you can change the shell for powerdown
>>to /usr/admin/powerdown and add the following lines to the top of
>>the /usr/admin/powerdown shell script:
>
>NEVER NEVER NEVER have a root account without a password. There are too
>many chances for it to be exploited. Look at what could happen:
>
>	cpcahil(virtech,61): id
>	uid=100(cpcahil) gid=7(opadmin)
>	cpcahil(virtech,63): su powerdown
>	# id
>	uid=0(root) gid=0(root)

Oops, I meant to give a two part fix. First change /usr/admin/powerdown
into an executable shell script that sets a secure PATH and IFS.
But I forgot the second part, change the shell in /etc/passwd from
/bin/rsh to /usr/admin/powerdown. This avoids the "su powerdown" problem.

There is still the issue of allowing users to run a shell script as root,
either through password-less root accounts or setuid shell scripts.
Is it considered a bad idea even for simple shell scripts?
Is setting a secure PATH/IFS and being careful with eval and `...` enough?
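The preamble Eric proposes in the first post, together with the PATH/IFS question that closes the thread, as an added example. This is not the Interactive UNIX /usr/admin/powerdown script and not code from either poster; the shutdown command (/etc/shutdown) is an assumed placeholder that is only printed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not the Interactive UNIX /usr/admin/powerdown script: a
# preamble of the kind the thread recommends for a script that runs as root
# on behalf of a password-less account. The shutdown command is a placeholder
# (echoed, not run) so the file can be executed anywhere.

# Replace whatever environment the caller brought along with fixed values.
harden_env() {
    PATH=/bin:/usr/bin:/usr/lbin
    export PATH
    # IFS back to space, tab, newline. Command substitution strips a trailing
    # newline, so a sentinel X is appended and removed again.
    IFS="$(printf ' \t\nX')"
    IFS="${IFS%X}"
    export IFS
    # Files some shells source automatically, and search paths the caller
    # could point at directories of their own.
    unset ENV BASH_ENV CDPATH LD_LIBRARY_PATH
    umask 077
}

# A login shell can be handed "-c command"; a wrapper that is the login shell
# must refuse anything on its command line rather than hand it to a shell.
reject_args() {
    [ $# -eq 0 ]
}

# Do the one job, with an absolute path and no eval or backquotes over caller
# data. /etc/shutdown is an assumed placeholder, printed instead of executed.
do_powerdown() {
    echo "would run: /etc/shutdown -y -g0"
}

main() {
    harden_env
    if ! reject_args "$@"; then
        echo "powerdown: arguments are not accepted" >&2
        return 2
    fi
    do_powerdown
}

main "$@"
```

In a real wrapper the last line of do_powerdown would be an exec of the absolute command path, so that nothing of the script remains to be influenced afterwards; the environment reset has to come first, before any command name is looked up, which is why harden_env is the first thing main calls.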