[Coco] Telnet to your CoCo.. and invite 6 of your friends
farna at att.net
farna at att.net
Mon Nov 30 11:24:08 EST 2009
I'm not very OS-9 literate. I'm assuming F$SETID is built into the kernel and not easily disabled? Would it be hard to write a routine that would intercept such a call and disable it, or disable it in some other way? I would think that for a server there is no real need to switch user IDs. Only the main server needs an ID of 0 (super user status). If another user is hung up they can just be terminated by user 0.
---------------
Date: Sat, 28 Nov 2009 15:17:12 -0700
From: Willard Goosey <goosey at virgo.sdc.org>
On Sat, Nov 28, 2009 at 07:53:42AM -0500, Aaron Wolfe wrote:
> I've got the inbound TCP connection portion of my project completed.
> You can now have up to 7 inbound connections to your CoCo using
> telnet.
Before you get to crazy with this you might want to play around with
programs that use setuid(). I was thumbing through the Tandy LII docs
a few days ago and noticed that, according to that infamously
error-ridden book, F$SETID (or whatever exactly it's called) doesn't
do any sort of security check, it just succeeds. In other words, any
user can change his user id to any other user.
--
Frank Swygert
Publisher, "American Motors Cars"
Magazine (AMC)
For all AMC enthusiasts
http://farna.home.att.net/AMC.html
(free download available!)
More information about the Coco
mailing list