[Coco] setuid? wasRe: Telnet to your CoCo.. and invite 6 of your friends
Aaron Wolfe
aawolfe at gmail.com
Sun Nov 29 19:13:05 EST 2009
On Sun, Nov 29, 2009 at 6:19 PM, Willard Goosey <goosey at virgo.sdc.org> wrote:
> On Sun, Nov 29, 2009 at 08:08:36AM -0500, Aaron Wolfe wrote:
>> The OS9 F$SUser works as described in the docs. It will let you
>> become any user you'd like. I wrote a tiny (41 bytes in module form)
>> 'su' command to verify, the relevant code is:
>
> Nice job!
>
> I'm disappointed by the results, but that's not YOUR fault.
>
> Sad thing is, it's probably not worth doing anything about. The
> system call itself would be a pretty easy fix (cmp <current usr>,0 bne
> denied) but then, there are programs non-root users need that want to
> become root. A password-changer program comes to mind.
>
> So yeah, I guess you were right in the first place: If you're going
> to expose OS-9 to a hostile network, run a BBS that does its own
> security.
>
I think this reflects the attitude towards computer security,
especially on micros, at the time OS-9 was created. Basically, more
of a feature than a requirement. Having a simple way to change user
ID was probably more useful to the typical 6809 system owner than
having strict security. Many 6809 systems were single user, and as
far as I know none of them were connected to potentially hostile
networks. You would typically have family or maybe employees as your
users. Ease of programming and keeping the kernel small is more
important than enforcing tight security.
Another option for "safe" internet access is to combine Boisy's idea
of locking access at the DriveWire server side with a simple account
system. When a new connection is established to the telnet server
built into Drivewire, the user has the option of authenticating before
being connected to a port on the Coco. If they authenticate, write
access is enabled. If they don't, the disks are read only (OS-9 still
allows writes, but drivewire discards them). This would be simple and
secure, think I will add support for it unless someone has a better
idea.
-Aaron
> Willard
> --
> Willard Goosey goosey at sdc.org
> Socorro, New Mexico, USA
> I search my heart and find Cimmeria, land of Darkness and the Night.
> -- R.E. Howard
>
> --
> Coco mailing list
> Coco at maltedmedia.com
> http://five.pairlist.net/mailman/listinfo/coco
>
More information about the Coco
mailing list