UNIX file setuid security hole?
pdb at sei.cmu.edu.UUCP
Fri Mar 13 18:04:21 AEST 1987
In article <2168 at ncoast.UUCP> robertd at ncoast.UUCP (Robert DeMarco) writes:
> It just occurred to me that,
>thanks to the chown command and "setuid
>to owner when executing this C program"
>that no one's file is really safe.
>
...
> How can you protect against
>this?
>
Easy. Remember, unless you are the super-user, you can't use the chown command
at all, not even to chown one of your own files. There are a number of reasons
for that; the problem you pointed out is one of them. As is pointed out in the
original Version 7 programmer's manual, if you were on a system with disk space
accounting, if just anyone could chown stuff, you could subvert the accounting
system.
Of course, if you are running on a system which does allow random users to
use chown (I've never heard of such a beastie, but just for the sake of
argument...), I'd have chown clear the 6000 bits of a file's protection
as part of the chown process (and, of course, you couldn't reset them, since
you can't chmod a file you don't own....)
--Pat.