rock-and-roll [Re: Retaining file permissions] [long]

terryl at sail.LABS.TEK.COM terryl at sail.LABS.TEK.COM
Mon Mar 11 19:23:36 AEST 1991 

In article <1991Mar8.004700.27664 at panix.uucp> zink at panix.uucp (David Zink) writes:
+brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
+(About not-clearing suid bits upon writes to non-executable files)
+> Contentions about theoretical behavior are cute, but this is the real
+> world. Machines have real users who make real mistakes. Your proposed
+> change that would increase the chance of mistakes and has no obvious
+> advantages. It should never be adopted.
+
+You pedantic twit.  Try your example in the real world and see what
+happens.
+
+> Joe compiles a setuid program and sets it up:
+> Sally, in the same group and doing work in the same directory, writes
+Joe is the J prompt and Sally is the S prompt.
+
+J>   cc -o foo foo.c
+J>   chmod u+s foo
+S> find /etc -print > foo

     Bad example; how about this one????

S> cp /bin/sh foo;./foo

     Now Sally has a shell running under Joe's userid, which is probably NOT
what he wanted. Depending on how malicious Sally is, she could delete ALL of
Joe's files. Sounds like a real BIG security hole to me....

+J># oops, umask is 002, better keep that file safe from carelessness by group
+Of course, umask is obviously 013, at least.

     No it's not, only in your mind. You haven't provided ANY information to
lead us to this conclusion.

+J>   chmod g-w foo
+J>   # and make it available...
+J>   chmod g+x foo

     Lord knows I've dinged Dan in the past, but this time he is 100% correct.
If you don't think it's a security hole, can I have an account on your machine
where the set-user-id bit is NOT cleared on writes????

     It's also interesting to note that you directed followups to alt.flame
and some other alt.<newsgroup>. You really didn't think we would fall for that
old trick now, did you????

__________________________________________________________
Terry Laskodi		"There's a permanent crease
     of			 in your right and wrong."
Tektronix		Sly and the Family Stone, "Stand!"
__________________________________________________________

More information about the Comp.unix.internals mailing list