[2185] in Release_Engineering
warning - suid files in afs
daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Mon Feb 19 16:00:29 1990
From: qjb@ATHENA.MIT.EDU
Date: Mon, 19 Feb 90 15:59:47 -0500
To: wesommer@ATHENA.MIT.EDU
Cc: rel-eng@ATHENA.MIT.EDU, vice-squad@ATHENA.MIT.EDU
In-Reply-To: Bill Sommerfeld's message of Sun, 18 Feb 90 15:35:04 -0500 <9002182035.AA03754@E40-008-8.MIT.EDU>
Well, I recognize that it is a feature. I guess my point was
that public workstations aren't too secure anyway so it wasn't
worth the trade for the other problem. A better solution is to
introduce the means of updating arbitrary local files on the
workstation at deactivate time without having to do a release.
Also, someone has to remember to make a list of cells from which
setuid software can be run. At the very least, we need athena
and testers since things like X11R4 are in testers. I don't
know whether there is any reason to have the SIPB cell in the
list; I suspect not, but I don't know for sure.
I guess the days of being able to put suid things in the soup
cell with the reasoning that they won't work on a secure machine
is over... Oh well. That's okay... :-)
Jay
