Setuid on expreserve and exrecover
brian at bradley.UUCP
brian at bradley.UUCP
Mon Jul 18 23:03:00 AEST 1988
> /* Written 10:08 am Jul 14, 1988 by jmc at ptsfa.PacBell.COM */
> In article <794 at pttesac.UUCP> robert at pttesac.UUCP (Robert Rodriguez) writes:
> >Does anyone know the reason for /usr/lib/ex*preserve being
> >set-user-id bin or root ?
>
> Needed on BSD but not on System V due to chown() requiring root privileges.
>
> Do us all a favor and if you are a V. system chmod 555 ex*preserve and
> chmod 777 /usr/preserve. ex*preserve has a well-known security problem.
> If any vendor is still delivering systems with ex*preserve setuid they
> should be shot at sunrise.
I looked at /usr/lib/expreserve on one of the AT&T 3B15's here, and
it is setuid root. Perhaps AT&T should be shot at sunrise? :-)
...............................................................................
When the going gets weird, the weird turn pro.
Brian Michael Wendt UUCP: {cepu,ihnp4,uiucdcs,noao}!bradley!brian
Bradley University ARPA: cepu!bradley!brian at seas.ucla.edu
(309) 677-2230 ICBM: 40 40' N 89 34' W
More information about the Comp.unix.questions
mailing list