[2907] in Release_Engineering
Re: /mit/x11/build/pmax permissions
mhpower@ATHENA.MIT.EDU (mhpower@ATHENA.MIT.EDU)
Sat Aug 1 22:57:13 1992
>add yourself as trusted to /etc/athena/attach.conf.
Maybe not. On a server machine which allows logins by any "untrusted"
users, having "trusted" users in attach.conf is often inappropriate,
since an intruder may be able to login to a trusted user's account and
then obtain root access after some attach command.
One possibility is that the intruder has the trusted user's null
instance password, but doesn't know the corresponding root instance
password that would ordinarily be needed for root access. There are
other possibilities, too, that perhaps are best not described in a
public meeting.
>>where I can't easily use detach -O.
>2) Any machine that you and I both use that I attach x11r5 on, you
>have root access on.
Not rosebud. However, rosebud doesn't require -O for detach, so the
problem (if there is one) must be elsewhere.
In any case, this is no longer a "Release_Engineering" issue, so
please move the discussion to, say, Whither-SIPB or (preferably) drop
it entirely...
