rock-and-roll [Re: Retaining file permissions] [long]

David Zink zink at panix.uucp
Fri Mar 8 10:47:00 AEST 1991


brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
(About not-clearing suid bits upon writes to non-executable files)
> Contentions about theoretical behavior are cute, but this is the real
> world. Machines have real users who make real mistakes. Your proposed
> change that would increase the chance of mistakes and has no obvious
> advantages. It should never be adopted.

You pedantic twit.  Try your example in the real world and see what
happens.

> Joe compiles a setuid program and sets it up:
> Sally, in the same group and doing work in the same directory, writes
Joe is the J prompt and Sally is the S prompt.

J>   cc -o foo foo.c
J>   chmod u+s foo
S> find /etc -print > foo
J>   # oops, umask is 002, better keep that file safe from carelessness by group
Of course, umask is obviously 013, at least.
J>   chmod g-w foo
J>   # and make it available...
J>   chmod g+x foo

> Please stop blabbering about security holes now.
> ---Dan

Now fix all the security holes as per Dan's perfect world.

J>   cc -o foo foo.c
S> find /etc -print > foo
J>   # oops, umask is 002, better keep that file safe from carelessness by group
Of course, umask is obviously 013
J>   chmod g-w foo
J>   chmod u+s foo
J>   # and make it available...
J>   chmod g+x foo

Please stop blabbering now.

---David
Unix is _not_ designed to protect stupid users from their stupidity. It is
designed to make useful work possible.
For added fun, have joe set umask 022 before starting. No hole in either case.

_I_ know, setting suid should delete executable files,
    that'll make Dan happy.
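
A small model of the two transcripts above, added here as an example and not part of the original post: it replays each command order under both clear-on-write policies and two umasks, and reports whether `foo` ends up setuid-Joe while holding content Joe did not write. The permission model is a simplifying assumption (only the bits the transcripts touch, Sally in Joe's group), and all function and variable names are hypothetical.

```python
# Constructed model of the two transcripts (an added example, not from the post).
# Assumptions: only the bits the transcripts touch are modelled; Sally is in
# Joe's group, so her write needs the group-write bit; cc creates 0777 & ~umask.
S_ISUID, G_W, G_X = 0o4000, 0o020, 0o010

# First transcript: setuid bit set before Sally's write.
SUID_FIRST = [("joe", "cc"), ("joe", "u+s"), ("sally", "write"),
              ("joe", "g-w"), ("joe", "g+x")]
# Second transcript: Sally's write lands before Joe sets the bit.
SUID_LAST = [("joe", "cc"), ("sally", "write"), ("joe", "g-w"),
             ("joe", "u+s"), ("joe", "g+x")]

def replay(sequence, umask, clear_suid_on_write):
    """Replay one transcript; return foo's final mode and last writer."""
    foo = {}
    for user, op in sequence:
        if op == "cc":
            foo = {"mode": 0o777 & ~umask, "writer": user}
        elif op == "write":
            if user != "joe" and not foo["mode"] & G_W:
                continue  # write refused: no group-write permission
            foo["writer"] = user
            if clear_suid_on_write:
                foo["mode"] &= ~S_ISUID
        elif op == "u+s":
            foo["mode"] |= S_ISUID
        elif op == "g-w":
            foo["mode"] &= ~G_W
        elif op == "g+x":
            foo["mode"] |= G_X
    return foo

def exposed(foo):
    """True if foo ends up setuid-joe while holding content Joe did not write."""
    return bool(foo["mode"] & S_ISUID) and foo["writer"] != "joe"

def survey():
    """Map (order, umask, clear-on-write policy) -> exposed?"""
    orders = {"suid_first": SUID_FIRST, "suid_last": SUID_LAST}
    return {(name, umask, clear): exposed(replay(seq, umask, clear))
            for name, seq in orders.items()
            for umask in (0o002, 0o022)
            for clear in (False, True)}

if __name__ == "__main__":
    for (name, umask, clear), hit in sorted(survey().items()):
        print(f"{name:10} umask={umask:03o} clear_on_write={clear!s:5} exposed={hit}")
```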


