TUHS

tuhs@tuhs.org

17 participants
6470 discussions

by Warren Toomey

https://www.youtube.com/watch?v=g3jOJfrOknA National Inventors Hall of Fame - NIHF Published on Feb 18, 2019 Bell Labs colleagues Ken Thompson and Dennis Ritchie developed UNIX, a multi-tasking, multi-user operating system alternative to the batch processing systems then dominating the computer industry. Not sure why I hadn't seen this before :) Cheers, Warren

5 years, 8 months

Re: [TUHS] Set-uid shell scripts

by jnc＠mercury.lcs.mit.edu

> From: Dave Horsfall > Well, it's in the Subject: line :-) That was my _assumption_, but you know the old line about assumptions. Noel

5 years, 8 months

Re: [TUHS] Set-uid shell scripts

by jnc＠mercury.lcs.mit.edu

> From: Alec Muffett >>> ln -s /bin/scriptname ./-i >>> "-i" # assuming that "." is already in your path 'scriptname' (above) would have to be a shell script which was SETUID root? That was part of what I was missing, along with the below. > The cited filename is passed as argv[1] I wonder why it passed the link name, instead of the actual filename of the target (script)? Perhaps to allow one script to have multiple functions, depending on the name it was called with? But that could have been done with hard links? (Adding a hard link must require write access, because the link count in the inode has to be updated? So it would be equally secure as not having an SUID program with write access.) Part of the problem is having the kernel involved in starting shell scripts; convenient in some ways, but V6 etc worked fine without that 'feature'. Noel

5 years, 8 months

Re: [TUHS] Set-uid shell scripts

by Norman Wilson

Noel Chiappa: I wonder why it passed the link name, instead of the actual filename of the target (script)? Perhaps to allow one script to have multiple functions, depending on the name it was called with? ==== In fact the latter is still used here and there in standard system distributions. But from a security viewpoint it doesn't matter. For ln -s /bin/scriptname ./-i substitute execl("/bin/scriptname", "-i", (char *)0); If you can execute a program, you can fake its arguments, including argv[0]. There is no defence. Norman Wilson Toronto ON

5 years, 8 months

Re: [TUHS] Set-uid shell scripts

by jnc＠mercury.lcs.mit.edu

> From: Alec Muffett > until someone realised that you could do: > ln -s /bin/scriptname ./-i > "-i" # assuming that "." is already in your path > ...and get a root shell. I'm clearly not very awake this morning, because I don't understand how this works. Can you break it down a little? Thanks! Noel

5 years, 8 months

Set-uid shell scripts

by Dave Horsfall

Is it just me, or did someone actually implement set-uid scripts? I've proposed some silly things over the decades (my favourite is stty() working on things other than terminals, and guess what, we got ioctl() etc) but I have a vague recollection of this... The trouble is, I've worked with dozens of Unix-based vendors over the years (some good, some not so much) and so I've lost track of all the stupidity that I've seen. ObAnecdote: Just about every Unix vendor went belly-up shortly after I left them (under various circumstances), because the waste-of-space middle managers simply did not appreciate the importance of having a Unix guru on board if you're in the game of selling Unix boxen. I'd happily name them, but I think the principals are still alive :-) -- Dave

5 years, 8 months

Re: [TUHS] Who's behind the UNIX filesystem permission

by Doug McIlroy

Read and write permission were common ideas--even part of the Atlas paging hardware that was described before 1960. The original concept of time-sharing was to give a virtual computer to each user. When it became clear that sharing was an equally important aspect, owner/other permissions arose. I believe that was the case with Multics. Owner/other permissions were in PDP-11 Unix from the start. Group permissions arose from the ferment of daily talk in the Unix lab. How might the usual protections be extended to collaborative projects? Ken and Dennis deserve credit for the final implementation. Yet clean as the idea of groups was, it has been used only sporadically (in my experience). Execute permission (much overloaded in Unix) also dates back to the dawn of paging. One Unix innovation, due to Dennis, was the suid bit--the only patented feature in the Research system. It was instantly adopted for maintaining the Moo (a game now sold under the name "Master Mind") league standings table. One trouble with full-blown ACLs as required by NSA's Orange Book, is obscurity. It is hard (possibly NP- complete) to analyze the actual security of an ACL configuration. A common failing of Unix administration was a proliferation of suid-root programs, e.g. mail(1). I recall one system that had a hundred such programs. Sudo provided a way station between suid and ACLs. Doug

5 years, 8 months

Re: [TUHS] Who's behind the UNIX filesystem permission

by jnc＠mercury.lcs.mit.edu

> From: Arthur Krewat > there's the setuid bit on directories - otherwise known as the sticky > bit. Minor nit; in V6 at least (not sure about later), the 'sticky' bit was a separate bit from SUID and SGID. (When set on a pure/split object file, it told the OS to retain the text image on the swap device even when no active process was using it. Hence the name...) Noel

5 years, 8 months

Video of PDP-7 with Graphics-2?

by Warren Toomey

Hi all, I'm chasing the Youtube video of the PDP-7 at Bell Labs where people are using it to draw circuit schematics. This seems to show the Graphics-2 module that, I believe, was built at the Labs. Can someone e-mail the URL? I've done some grepping but I haven't found it yet. Thanks, Warren

5 years, 8 months

Re: [TUHS] Additional groups and additional directory permissions

by Norman Wilson

Thomas Paulsen: isn't Kirk McKusic a member of our group? ==== Kirk is a member of many groups, all at the same time. Norman Wilson Toronto ON

5 years, 8 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

1996

1995

1994

1993

1992

1991

1990

TUHS