UNIX file setuid sucurity hole?
ssl at ptsfa.UUCP
ssl at ptsfa.UUCP
Sat Mar 14 01:29:03 AEST 1987
In article <695 at aw.sei.cmu.edu.sei.cmu.edu> pdb at sei.cmu.edu.UUCP (Pat Barron) writes:
>In article <2168 at ncoast.UUCP> robertd at ncoast.UUCP (Robert DeMarco) writes:
>> It just accured to me that,
>>thanks to the chown command and "setuid
>>to owner when executing this C program"
>>that no ones file is realy safe.
>>
>Easy. Remember, unless you are the super-user, you can't use the chown command
>at all, not even to chown one of your own files.
Hold it, folks, what version of UNIX you guys are talking about.
On AT&T's SVR2, we don't really have much problem. 'chown' is used
to change ownership only, and 'chmod' is used to set file mode, setuid,
sticky bit and stuffs. We can only 'chown' and 'chmod' by a file's owner,
and 'chown' is smart enough to reset the suid bit when a file's ownership
is released to another id. It came this way from AT&T, and we never had
to hack with the kernel.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sam Lok San Francisco {ihnp4,pyramid,qantel}!ptsfa!ssl
|| To err is human, to really foul things
I disclaim my disclaimer! || up requires super-user privilege!
More information about the Comp.unix.wizards
mailing list