[410] in Release_7.7_team
re: What to do with MAE?
daemon@ATHENA.MIT.EDU (Mike Barker)
Thu Jan 4 15:13:25 1996
From: Mike Barker <mbarker@MIT.EDU>
To: dot@MIT.EDU
Cc: mbarker@mit.edu.reidmp, cfields@MIT.EDU, release-team@MIT.EDU,
kcunning@MIT.EDU, carla@MIT.EDU
Date: Thu, 04 Jan 1996 15:12:00 EST
after discussion with craig, the implementation details will probably
change.
Specifically, Craig thinks we can use a SUID program to "wrap" MAE.
The program will basically become root, do the chmod on the ethernet
driver, change back to the user id, then execute MAE. Reactivate (the
cleanup system) will be enhanced to chmod the ethernet driver back to
the normal level of security.
Some problems that we will need to consider:
1. what if the user/workstation is not "priviledged" to run MAE?
could this be used to chmod the driver which can then be accessed by a
normal user program?
2. what if the user (for some other reason) wants to chmod the
ethernet driver? reactivate will "fix" this for them, even if they
don't want it fixed.
So we probably don't need to provide private workstations with special
warnings or memos about the hole in the ethernet.
The good news is that Craig expects to put the release out for
friendly testing Monday night (1/8/96).
sorry about the confusion
Mike
