Setuid on expreserve and exrecover
Jon H. LaBadie
jon at jonlab.UUCP
Sat Jul 23 23:32:56 AEST 1988
In article <10800022 at bradley>, brian at bradley.UUCP writes:
>
> Do us all a favor and if you are a V. system chmod 555 ex*preserve and
> chmod 777 /usr/preserve. ex*preserve has a well-known security problem.
> If any vendor is still delivering systems with ex*preserve setuid they
> should be shot at sunrise.
>
I prefer the following scheme; it has the advantage of retaining a
degree of privacy to users' preserved editor buffers.
1. Create a new, separate group, e.g. "editor"
2. Chgrp on /usr/preserve to editor
3. Chmod on /usr/preserve to 774
4. Chgrp on /usr/lib/ex*preserve and /usr/lib/ex*recover to editor
5. Chmod on /usr/lib/ex*preserve and /usr/lib/ex*recover to 2751
   i.e. set the group id bit
Now the preserve/mechanism is functional without any root permissions,
and the preserve directory is also protected.
--
Jon LaBadie
{att, ulysses, princeton}!jonlab!jon
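
The following read-only check is an added example, not part of the original post: it audits a system against the five steps above, confirming the preserve directory is mode 774, the helpers are mode 2751 with no setuid bit, and all of them belong to the chosen group. The function names and the script name `audit.sh` are hypothetical; the paths in the closing comment are the ones the post uses.

```shell
#!/bin/sh
# Added example: read-only audit of the setgid scheme listed in the post.
# Function names are hypothetical; nothing here changes any file.

# Print "<10-char mode string> <group>" for a path, using POSIX ls only.
mode_and_group() {
    ls -ld -- "$1" | awk '{ print substr($1, 1, 10), $4 }'
}

# check_path PATH WANT_MODE WANT_GROUP -> 0 if the path matches, 1 otherwise.
check_path() {
    path=$1 want_mode=$2 want_group=$3 rc=0
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    info=$(mode_and_group "$path")
    cur_mode=${info%% *}
    cur_group=${info#* }
    case $cur_mode in
        # Character 4 of the mode string is s/S when the setuid bit is on.
        ???[sS]*) echo "FAIL $path: setuid bit is set ($cur_mode)"; rc=1 ;;
    esac
    if [ "$cur_mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $cur_mode, expected $want_mode"; rc=1
    fi
    if [ "$cur_group" != "$want_group" ]; then
        echo "FAIL $path: group $cur_group, expected $want_group"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $path ($cur_mode $cur_group)"; fi
    return "$rc"
}

# audit_preserve_scheme GROUP PRESERVE_DIR HELPER...
# Directory must be 774 (drwxrwxr--); helpers must be 2751 (-rwxr-s--x).
audit_preserve_scheme() {
    a_group=$1 a_dir=$2 a_status=0
    shift 2
    check_path "$a_dir" drwxrwxr-- "$a_group" || a_status=1
    for a_helper in "$@"; do
        check_path "$a_helper" -rwxr-s--x "$a_group" || a_status=1
    done
    return "$a_status"
}

# Example call with the post's paths (script name is hypothetical):
#   sh audit.sh editor /usr/preserve /usr/lib/ex*preserve /usr/lib/ex*recover
if [ "$#" -ge 2 ]; then audit_preserve_scheme "$@"; fi
```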