UNIX file setuid sucurity hole?

[wcs at ho95e.UUCP]

In article <695 at aw.sei.cmu.edu.sei.cmu.edu> pdb at sei.cmu.edu.UUCP (Pat Barron) writes:
>In article <2168 at ncoast.UUCP> robertd at ncoast.UUCP (Robert DeMarco) writes:
>>   [  setuid + chown is unsafe ]

>Easy.  Remember, unless you are the super-user, you can't use the chown command
>at all, not even to chown one of your own files.
	On systems derived from V7 (V7, Berkeley 4.*, and maybe V8/V9), only
the superuser can use chown.  On System III, System V, and their derivatives,
everyone can do chown, but chown turns off setuid.  There were a few other
holes that also had to be plugged, but they're "all" fixed.  Chown is a
tremendous convenience in a multi-person project; it makes it much easier to
give files away.

> if you were on a system with disk space accounting, if just anyone could
> chown stuff, you could subvert the accounting system.
	This is still possible, but many accounting systems either don't charge
for disk space, or charge for total blocks under $HOME.  It's not usually a big
problem, and if it becomes one, it's not hard to give each user a report of
"files you own that aren't under your $HOME".
-- 
# Bill Stewart, AT&T Bell Labs 2G-202, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs