A security hole
Brandon Allbery
allbery at ncoast.UUCP
Sat Mar 19 10:22:04 AEST 1988
As quoted from <478 at minya.UUCP> by jc at minya.UUCP (John Chambers):
+---------------
| In article <722 at rivm05.UUCP>, ccement at rivm.UUCP (Martien F v Steenbergen) writes:
| > Second, when you really need a setuid program you'll have to check a lot
| > of permissions etc. yourself.
|
| This adds to my conviction that someone doesn't know what they're talking
| about. Do you perhaps mean "setuid-root"? If so, you are of course correct.
| If you don't understand my point, you don't know enough about Unix security
| to pontificate on the subject.
+---------------
If I wasn't *real* careful with the (setuid) program which grabs incoming
sources.misc submissions, someone could gain write access to any of my files.
Such as my .login. This isn't a potential security hole? (The alternative
is to make a certain directory world-writeable; not a sound idea in this case.)
--
Brandon S. Allbery, moderator of comp.sources.misc
{well!hoptoad,uunet!hnsurg3,cbosgd,sun!mandrill}!ncoast!allbery
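
The kind of checking discussed in this thread, as an added example that is not part of the original post and is not Allbery's program: a setuid helper that only ever creates new files inside one spool directory, so a crafted submission name cannot reach a file such as `.login`. The spool path, the name policy and the function names are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define SPOOL_DIR "/usr/spool/submissions"   /* hypothetical placeholder path */

static const char OK_CHARS[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";

/* Assumed policy: one path component, 1..64 bytes, no leading '.',
 * only characters from OK_CHARS (so no '/' and no ".." traversal). */
int name_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || len > 64 || name[0] == '.')
        return 0;
    return strspn(name, OK_CHARS) == len;
}

/* Create a NEW file relative to the already opened spool directory.
 * O_EXCL refuses existing files and symlinks planted under that name;
 * mode 0600 keeps the result private to the program's effective uid. */
int open_submission(int spool_fd, const char *name)
{
    if (!name_is_safe(name)) {
        errno = EINVAL;
        return -1;
    }
    return openat(spool_fd, name,
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s name\n", argv[0]); return 2; }
    /* The directory is fixed at build time, never taken from the caller. */
    int spool_fd = open(SPOOL_DIR, O_RDONLY | O_DIRECTORY);
    if (spool_fd < 0) { perror(SPOOL_DIR); return 1; }
    int fd = open_submission(spool_fd, argv[1]);
    if (fd < 0) { perror(argv[1]); return 1; }
    close(fd);
    return 0;
}
```

With this shape the spool directory can stay writable only by the program's owner, which is the alternative to making it world-writeable.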