Interesting bug...

[Barry Shein]

This one has never bit me before, perhaps it's been beaten to death
(this all applies under both 4.2 and SYS/V I believe.)

Your news software (for example) is all nicely set up so everything
is setuid'd to pseudo-user news (eg. inews.)

A user, trying to be a good citizen, puts a file size limit of, oh,
2M into his/her/its .login/.profile.

An attempt to post news fails with a Filesize Limit Exceeded because
of the inherited file size limit.

I haven't tried to trace this down so perhaps it's something else, but
that's the basic symptoms and my (outside) diagnosis. Makes sense to
me, but seems like a real design problem, no? Surely if this is the
case a) it's a bad reason to make all the news [or whatever] software
setuid root and b) it's a bad reason for the user to remove his/her/its
file size limit.

The only fix I can think of off hand is to wrap the news commands in a
setuid root 'shell' which then su to news after fixing the various
limits, but it sure seems to be a lurking nuisance (that is, what else
needs to be fixed like this so as not to bite hard on nice users?)

Just thought you'd appreciate something else to worry about.

	-Barry Shein, Boston University

P.S. The actual problem was exhibited on a SUN Release 3.0 but I
am pretty sure it's generic to all 4.2/SYSV.