details of dmr's solution
utzoo!decvax!ucbvax!unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Fri Oct 16 00:05:49 AEST 1981
>From teklabs!tekmdp!azure!grahamr at Berkeley Thu Oct 15 21:47:28 1981
Does this table agree with Mr. Ritchie's solution?
process ids match:
no file ids file gid file uid both
----------- -------- -------- ----
setuid file: no w access no w access use u w bit use u w bit
setgid file: no w access use g w bit no w access use g w bit
both: no w access use g w bit use u w bit use u w bit
The interesting cell in this table occurs where the file is owned by
the user and group who owns the process, yet the group protection bit is
used because the file is setgid and not setuid. Is this right? If so, it
makes me suspicious of the correctness of the whole bottom row. For a
file which is both setuid and setgid, perhaps there should be no w access
except to processes with matching uid AND gid. If this is right, then
perhaps in case both match, some combination of the u and g bits should
be used instead of the usual owner-first strategy (which I have used here).
The solution expressed in my table solves Mr. Bellovin's problem (at the
cost of making his program setgid as well as setuid).
I certainly hope that whatever solutions are found to the real vs.
effective questions will simply apply across the board here.
In my experience it's details like these that make or break a protec-
tion strategy. So speak up, dmr! What did you mean?
-Graham Ross (duke!chico!teklabs!tekmdp!grahamr)
More information about the Comp.unix.wizards
mailing list