UNIX file setuid security hole?

haynes at ucbarpa.Berkeley.EDU.UUCP
Fri Mar 13 16:46:33 AEST 1987


On our student machines we hack the kernel to prevent setting the
setuid bit by a non-privileged user.  If some user really needs it
set he can request that of root.  We don't get too many requests.
I made this change reluctantly after finding the system riddled
with hundreds of setuid shells that would let one user into another
user's account.  They were obtained by writing a game or other
utility, inviting everyone to try it, and it had a secret side
effect of creating a setuid shell.

Jim Haynes
haynes at ucscc.bitnet
haynes at ucbarpa.berkeley.edu
...ucbvax!ucscc!haynes
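
An audit for the setuid shells described in the message above, as an added example that is not part of the original post: it walks a directory tree and reports setuid regular files whose contents are byte-identical to a shell listed in /etc/shells. The function names, the use of /etc/shells as the list of shells, and the default scan root /home are assumptions of this example.

```python
import hashlib
import os
import stat
import sys

def sha256_of(path):
    """Hex SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def shell_digests(shells_file="/etc/shells"):
    """Map content digest -> path for every shell listed in shells_file."""
    digests = {}
    with open(shells_file) as f:
        paths = [l.strip() for l in f if l.strip() and not l.lstrip().startswith("#")]
    for p in paths:
        try:
            digests[sha256_of(p)] = p
        except OSError:
            continue  # listed but not installed or not readable
    return digests

def find_setuid_shells(root, known):
    """Return sorted (path, owner_uid, matching_shell) for setuid copies of known shells."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
                if not (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID):
                    continue
                match = known.get(sha256_of(path))
            except OSError:
                continue  # vanished or unreadable while scanning
            if match:
                hits.append((path, st.st_uid, match))
    return sorted(hits)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for path, uid, shell in find_setuid_shells(root, shell_digests()):
        print(f"{path}: setuid to uid {uid}, same contents as {shell}")
```

A content match only catches unmodified copies of installed shells; any other setuid file owned by an ordinary user still needs review by hand.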


