Setuid on expreserve and exrecover
Jerry Carlin
jmc at ptsfa.PacBell.COM
Fri Jul 15 01:08:20 AEST 1988
In article <794 at pttesac.UUCP> robert at pttesac.UUCP (Robert Rodriguez) writes:
>Does anyone know the reason for /usr/lib/ex*preserve being
>set-user-id bin or root ?
Needed on BSD but not on System V due to chown() requiring root privileges.
Do us all a favor and if you are a V. system chmod 555 ex*preserve and
chmod 777 /usr/preserve. ex*preserve has a well-known security problem.
If any vendor is still delivering systems with ex*preserve setuid they
should be shot at sunrise.
--
Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc
To dream the impossible dream. To fight the unbeatable foe.
More information about the Comp.sys.att
mailing list