[408] in Release_7.7_team
What to do with MAE?
daemon@ATHENA.MIT.EDU (Mike Barker)
Thu Jan 4 12:19:00 1996
To: dot@MIT.EDU
Cc: reidmp@MIT.EDU, cfields@MIT.EDU, release-team@MIT.EDU, kcunning@MIT.EDU,
carla@MIT.EDU
Date: Thu, 04 Jan 1996 12:18:50 EST
From: Mike Barker <mbarker@MIT.EDU>
- a. mae seems to require that ethernet drivers be publicly
-read/writable, which is bad for security (allows anyone to easily
-access network traffic).
After consideration and discussion with the release team, we have
decided that the best approach is:
1. Make the changes on the packs to make the ethernet drivers be
publicly read/write.
2. Notify private workstation people that this change is coming.
Provide clear instructions for checking whether autoupdate is set
on their workstation and how to set it to off if they do not want
to take the update. Also provide instructions on how to check the
ethernet driver and how to chmod it if they want to protect their
security.
I.e., we are going to make security of the private workstation depend
on the user.
Public workstations already are vulnerable to this kind of security
hole as anyone can easily become root and chmod the driver.
Craig, will you please proceed with making the changes on the packs?
kevin, carla, dot--I'm not sure how to get the word out to the
workstation owners, but here's a draft of the memo. Let me know
what's next, okay?
Draft memo:
As part of the IAP 1996 Athena Release, sun systems will have their
ethernet driver made publicly accessible. This change is necessary to
support third party software (Mac Application Emulator) but it does
weaken security on a private workstation.
If you do not want to take this update, please take the following steps:
1. more /etc/athena/rc.conf
if
AUTOUPDATE=true; export AUTOUPDATE # Automatically update?
2. edit /etc/athena/rc.conf using your favorite editor
to
AUTOUPDATE=false; export AUTOUPDATE # Automatically update?
3. reboot your machine.
If you want to take the update but still keep the ethernet driver private--
1. wait until your system has taken the update. you can force this by
rebooting your system.
2. check the status of the driver by:
athena% ls -l /devices/pseudo/clone@0:le
crw-rw-rw- 1 root sys 11, 40 May 3 1994 /devices/pseudo/clone@0:le
3. chmod the driver by
athena% chmod 600 /devices/pseudo/clone@0:le
4. check by
athena% ls -l /devices/pseudo/clone@0:le
crw------- 1 root sys 11, 40 May 3 1994 /devices/pseudo/clone@0:le
Note that if you do this, you will need to repeat the process whenever
there is an update or new installation on your machine.
