Guide to writing secure setuid programs?
Geoff Kuenning
geoff at desint.UUCP
Fri Mar 18 17:58:40 AEST 1988
In article <8468 at eddie.MIT.EDU> jbs at eddie.MIT.EDU (Jeff Siegal) writes:
> Setting the directory mode to 777 by itself doesn't let anyone modify
> or read anything. All it allows people do is:
>
> 1. List the file names in the directory
> 2. Access files in the dirctory _according_to_their_modes.
> 3. Remove files from the directory.
You forgot one:
4. Create files in the directory.
In practice, this allows modifying, though not reading, any file. Simply
remove the original and replace it by your favorite Trojan horse. On
System V (the system under discussion), you can even give the file away
to the original owner and group. With the utime(2) call, you can even
put in the original access and modification (though not i-node change)
times.
--
Geoff Kuenning geoff at ITcorp.com {uunet,trwrb}!desint!geoff
More information about the Comp.unix.wizards
mailing list