[Coco] setuid? wasRe: Telnet to your CoCo.. and invite 6 of your friends
Tim Fadden
t.fadden at cox.net
Mon Nov 30 17:02:49 EST 2009
To the thread in general, not you Willard. :-)
You are all talking about using a system call and creating a program and
than being able to change userID. Thats great, but how does the program
get on the host computer when there is no way to compile on it, or
transfer files to it? If all you can do is see in your own home
directory, and do a list, dir or start a bbs menu or what I the super
user allows you to use, how do you get the offending program on there?
Of course you can hack your own system! Given physical root access to
any machine it can be hacked. Many can be hacked without root access!
Logging in remotely with a sub-set of safe to run commands is a whole
different story. In fact I contend that os9 would be harder to exploit
than any current operating system. There are NO network protocals
running whatsoever! No browsers, no email etc. etc.
I'm tempted to give you remote access and see if you can hack it! he he he
Tim
Willard Goosey wrote:
> On Sun, Nov 29, 2009 at 07:13:05PM -0500, Aaron Wolfe wrote:
>
>> I think this reflects the attitude towards computer security,
>> especially on micros, at the time OS-9 was created. Basically, more
>> of a feature than a requirement.
>>
>
> No doubt. Still, it surprised me. Motorola is the home of "Friar
> Tuck" and "Robin Hood", after all. ;-) (Look in the Jargon File) Of
> course, it may just be the Tandy version that had SETID broken.
>
>
>> Another option for "safe" internet access is to combine Boisy's idea
>> of locking access at the DriveWire server side with a simple account
>> system.
>>
>
> Yes, since you've got a PC as a front-end box you can handle the
> security there.
>
> Willard
>
More information about the Coco
mailing list