A security hole
Stephen J. Friedl
friedl at vsi.UUCP
Wed Apr 13 10:49:44 AEST 1988
In article <7659 at brl-smoke.ARPA>, gwyn at brl-smoke.ARPA (Doug Gwyn ) writes:
> The "alternative" has to be used, since writing a file normally
> clears the set-?ID bits, at least on reasonable implementations
> of UNIX. (The exception is when UID 0 does this, but "news"
> should not be UID 0.)
SVR2 and SVR3 on the 3B2 don't clear set-?ID bits on write, and
I've not heard of any straight Sys V ports that do this. No comment
on the "reasonable" tag, but I think that clear-set?id-on-write
is not as widespread as the above paragraph might indicate. Too bad.
--
Steve Friedl V-Systems, Inc. "Yes, I'm jeff at unh's brother"
friedl at vsi.com {backbones}!vsi.com!friedl attmail!vsi!friedl
More information about the Comp.bugs.sys5
mailing list