mvdir, is or is not a bug?
Ian Donaldson
rcodi at yabbie.rmit.oz
Fri Jan 23 15:27:46 AEST 1987
In article <512 at csun.UUCP>, aeusemrs at csun.UUCP (Mike Stump) writes:
> Gee, I though every one knew why they FIXED mv in System V.
> It is a security loophole, isn't it obvious? (:-)) That is why
> they ONLY allow root to run it in SVR2.
> Ok, now to get to the meat of the matter:
<long explanation of an example>
> it
> is the problem with the person that set up the group write
> priv on d0 that screwed it all up
Yes, but since it is a problem with some administrator screwing things
up then why change the mv command? The problem would have surely disappeared
by using chmod appropriately, no? Publicly or Group writeable directories
are certainly asking for trouble in the wrong environment.
If there is a better explanation of why mvdir was separated out from mv,
I and probably many others are all ears.
> I agree completely (I hope) that Unix (when
> managed properly) is very secure.
Surely, as good as the next system. Given the freedom that *can*
be made available under UNIX in the appropriate environments that just *isn't*
available on a lot of other O/S's, its certainly nice to have a
choice in the matter.
> I know this one little article is going to cause an avalanche
> of of articles, but I feel I can say nothing to stop them...
You're probably right.
Ian D.
More information about the Comp.bugs.sys5
mailing list