Who dat?

David Canzi dmcanzi at watdcsu.waterloo.edu
Fri Jul 22 13:09:48 AEST 1988


In article <14931 at oddjob.UChicago.EDU> matt at oddjob.UChicago.EDU (Ka Kahula) writes:
>) In article <3789 at rpp386.UUCP>, jfh at rpp386.UUCP (John F. Haugh II) writes:
>) > have the client create a file with the suid and sgid bits set. ...
>
>In article <51 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
>) Let's see, what I do when you ask my process A to create this file is
>) to have a program B sitting around that is setuid/setgid to whomever
>) I want you to think A is; ...
>
>If you have this program B, you can impersonate your victim completely.
>Why not just assume that you have your victim's password?  It comes
>to the same thing.

In versions of UNIX with which I am familiar, you need no permissions
of any kind on a file to make new links to it.  So if there are setuid
files owned by root on the same filesystem as the directory where the
client process is supposed to create the setuid file, then any random
user can impersonate Mr. Root.

Maybe a server can securely verify the userid of a client by requiring
the client to create a setuid file with name *and* *contents* specified
by the server?

-- 
I am not David Canzi, my name is.
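
Added example, not part of the original post or of anything the thread's
participants wrote: a small Python demonstration of the point made above.
A verifier that checks only "regular file, setuid bit set, owned by the
expected uid" is defeated by link(2), because a hard link inherits the
source file's owner and mode and creating it needs no permission on the
source, only write permission in the target directory. Requiring the
contents to match a server-chosen nonce defeats the link, since the
attacker cannot change the linked file's contents. Everything here is
constructed: the "victim's setuid binary" is a file owned by the running
user with mode 4755, standing in for a setuid-root program on the same
filesystem, so the script runs unprivileged; the function names and the
32-byte nonce are this example's own choices.

```python
import os
import secrets
import stat
import tempfile

SETUID_MODE = 0o4755  # rwsr-xr-x


def naive_verify(path: str, expected_uid: int) -> bool:
    """The proof-of-identity check the thread debates: a regular file at the
    agreed name, setuid bit set, owned by the uid the client claims to be."""
    st = os.lstat(path)  # lstat: a symlink must not count as the client's file
    return (stat.S_ISREG(st.st_mode)
            and bool(st.st_mode & stat.S_ISUID)
            and st.st_uid == expected_uid)


def challenge_verify(path: str, expected_uid: int, nonce: bytes) -> bool:
    """The fix suggested in the post: the server dictates the contents too.
    A hard link to a pre-existing setuid file carries that file's contents,
    which the attacker cannot alter without write permission on it."""
    if not naive_verify(path, expected_uid):
        return False
    with open(path, "rb") as f:
        return f.read() == nonce


def forge_by_hard_link(existing_setuid_file: str, proof_path: str) -> None:
    """Attacker's move: link(2) needs no permission on the source file, only
    write permission in the target directory; the new name inherits the
    source's owner and mode bits, setuid included."""
    os.link(existing_setuid_file, proof_path)


def honest_client(proof_path: str, nonce: bytes) -> None:
    """What the genuine client does: write the server's nonce, then set setuid.
    chmod comes after the write because a write can clear the setuid bit."""
    with open(proof_path, "wb") as f:
        f.write(nonce)
    os.chmod(proof_path, SETUID_MODE)


def demo() -> dict:
    """Run both the forgery and the honest client; return what each check said."""
    victim_uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for a setuid program owned by the victim that
        # lives on the same filesystem as the directory the proof goes in.
        victim_bin = os.path.join(d, "victim_setuid_bin")
        with open(victim_bin, "wb") as f:
            f.write(b"#!/bin/sh\necho hello\n")
        os.chmod(victim_bin, SETUID_MODE)

        nonce = secrets.token_bytes(32)      # server-chosen contents
        proof = os.path.join(d, "proof")     # server-chosen name

        # Attacker: no access to victim_bin beyond its existence is needed.
        forge_by_hard_link(victim_bin, proof)
        results["forged_passes_naive"] = naive_verify(proof, victim_uid)
        results["forged_passes_challenge"] = challenge_verify(proof, victim_uid, nonce)
        results["forged_link_count"] = os.lstat(proof).st_nlink
        os.unlink(proof)

        # Honest client: knows the nonce, writes it, sets the bit.
        honest_client(proof, nonce)
        results["honest_passes_challenge"] = challenge_verify(proof, victim_uid, nonce)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The forged link passes naive_verify and shows st_nlink == 2, fails
challenge_verify, and the honest client passes. One caveat for anyone
trying the real attack today: Linux with fs.protected_hardlinks=1 (the
default on most distributions) refuses link(2) to a setuid file you do not
own, which closes this particular hole; the demo links a file owned by the
running user so it runs either way, and the lesson about what a setuid
file does and does not prove still stands.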
