From proff Tue Oct 1 05:21:58 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id FAA00389 for best-of-security; Tue, 1 Oct 1996 05:21:57 +1000 Received: (list@localhost) by suburbia.net (8.7.4/Proff-950810) id CAA27051 for proff@suburbia.net; Tue, 1 Oct 1996 02:47:00 +1000 X-Envelope-From: cmacneill@securid.com Tue Oct 1 02:46:59 1996 Received: (sendmail@localhost) by suburbia.net (8.7.4/Proff-950810) id CAA27041 for ; Tue, 1 Oct 1996 02:46:59 +1000 Received: from pdx1.world.net(192.243.32.18) via SMTP by suburbia.net, id smtpd26795daa; Tue Oct 1 02:46:40 1996 Received: from tholian.securid.com (tholian.securid.com [204.167.112.129]) by pdx1.world.net (8.7.5/8.7.3) with ESMTP id JAA08401 for ; Mon, 30 Sep 1996 09:13:13 -0700 (PDT) Received: from ccgate.securid.com by tholian.securid.com (8.7.6/8.7.3) with SMTP id MAA21887 for ; Mon, 30 Sep 1996 12:13:46 -0400 (EDT) Received: from ccMail by ccgate.securid.com (IMA Internet Exchange 2.0 Enterprise) id 24FEFDA0; Mon, 30 Sep 96 12:05:46 -0400 Mime-Version: 1.0 Date: Mon, 30 Sep 1996 12:10:10 -0400 Message-ID: <24FEFDA0.1953@securid.com> From: cmacneill@securid.com (Chris Macneill) Subject: Big SecurID Hole?? To: "BOS" Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Approved: proff@suburbia.net Our thanks to David L. Reoch dave@pbi.net and Richard Perlman (no address) for pointing out the potential security problem of $VAR_ACE set to 777. This problem has been caused by an attempt to remove the requirement for root ownership and "suid" set on the sdshell authentication program. Unfortunately you cannot remove these requirements without opening up the $VAR_ACE directory to read-write access for the world. This is due to the requirement that all users be able to create and read the nodesecret file. Thus administrators have the choice, you either set sdshell as root with suid set and $VAR_ACE with something between 775 and 664 permissions (I personally favour 660, since only owner and group need to read or write to $VAR_ACE and I don't see any reason why anyone needs to execute anything in this directory). Alternatively you leave things as they are. You need to choose between the root ownership and suid set status of sdshell versus the open permissions on $VAR_ACE and nodesecret. In ACE/Server v2.2.1 we will be returning to the original requirement of root ownership and suid set for sdshell as the default and at least 775 restrictions on $VAR_ACE. If anyone has any responses to this posting, please send them to the ACE/Server admin specific maillist at:- sdadmin@jabberwocky.bbnplanet.com Regards Chris Macneill Advanced Support Manager Security Dynamics Technologies, Inc.