access(2) (was: Writing to A NON-Existing File in "C")
Michael I. Bushnell
mike at turing.UNM.EDU
Thu Apr 21 09:12:56 AEST 1988
In article <887 at cresswell.quintus.UUCP> ok at quintus.UUCP (Richard A. O'Keefe) writes:
>In article <14020030 at hpisod2.HP.COM>, decot at hpisod2.HP.COM (Dave Decot) writes:
>> access(2) should not be used to determine the other access permissions
>> except in setuid programs, and even then, not for testing execute
>> access by setuid-root programs.
>
>If a program which is never intended to run setuid ensures that it is
>not being run setuid or setgid by doing
[Code fragment to test for suid conditions]
>where is the harm in subsequently using access(2) to test for permission to
>read or write a file?
>
>Is there any legitimate reason why someone might take a program which was
>not originally designed to run setuid or setgid and do chmod u+s
>or chmod g+s to it?

Not really. But there is another way it can run under suid
conditions:

    % whoami
    foo
    % su
    Password:
    # nifty_program

Note that nifty program will now have REAL uid foo and EFFECTIVE uid
root.

N u m q u a m G l o r i a D e o
Michael I. Bushnell
HASA - "A" division
14308 Skyline Rd NE Computer Science Dept.
Albuquerque, NM 87123 OR Farris Engineering Ctr.
OR University of New Mexico
mike at turing.unm.edu Albuquerque, NM 87131
{ucbvax,gatech}!unmvax!turing.unm.edu!mike
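
An added example, not part of the original post or thread: access(2) answers for the real uid/gid, while open(2) is checked against the effective ones, so the two can disagree only when the IDs differ. The function names and the /tmp sample file are assumptions made for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* 1 if real and effective IDs differ (set-id conditions), else 0. */
int ids_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* access(2) is evaluated with the REAL uid/gid. 1 = readable. */
int readable_by_real_ids(const char *path)
{
    return access(path, R_OK) == 0;
}

/* open(2) is evaluated with the EFFECTIVE uid/gid. 1 = opened. */
int readable_by_effective_ids(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Constructed sample input: a private (0600) temp file owned by the
   caller. Writes its name into buf; returns 0 on success. */
int make_sample_file(char *buf, size_t len)
{
    static const char tmpl[] = "/tmp/access_demo_XXXXXX";
    int fd;
    if (len < sizeof tmpl)
        return -1;
    strcpy(buf, tmpl);
    fd = mkstemp(buf);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

int main(void)
{
    char path[64];
    if (make_sample_file(path, sizeof path) != 0) { perror("mkstemp"); return 1; }
    printf("real uid %ld, effective uid %ld, ids differ: %d\n",
           (long)getuid(), (long)geteuid(), ids_differ());
    printf("access(2) readable: %d, open(2) succeeds: %d\n",
           readable_by_real_ids(path), readable_by_effective_ids(path));
    unlink(path);
    return 0;
}
```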