UNIX file setuid sucurity hole?
guy at gorodish.UUCP
guy at gorodish.UUCP
Sat Mar 14 10:41:44 AEST 1987
> It just accured to me that,
>thanks to the chown command and "setuid
>to owner when executing this C program"
>that no ones file is realy safe.
Well, you're wrong. The "chown" command uses the "chown" system call. The
"chown" system call either requires you to be the super-user, or turns of
the set-UID and set-GID bits if executed by somebody other than the
super-user, so you can't create a program that's set-UID to somebody other
than yourself unless you're the super-user. This is all documented in the
manual page for the "chown" system call, and would also be obvious if you
actually tried "chown" on a set-UID program.
More information about the Comp.unix.wizards
mailing list