UNIX file setuid sucurity hole?

ecl at mtgzy.UUCP ecl at mtgzy.UUCP
Sat Mar 14 01:32:17 AEST 1987


In article <2168 at ncoast.uucp>, robertd at ncoast.uucp (Robert DeMarco) writes:
> I mean, couldn't someone who knows C alot write a program that is equivlent to
> "cat" that would display another users secret file.  Then simply chmod the
> file to set to the owners ID apon execution?  Then chown it to the owner.
> Then execute the command.  Your uid will be set to the owner , who owns the
> file you wish to see.

Then, article <1772 at hi.uucp>, josh at hi.uucp (Josh Siegel) writes:
> I cannot be sure but don't you have to be root to use chown?
> If not, then yes... chown is a security hole.  What operating
>  system are you using that allows this?

Any operating system I have used (currently it's SVR2) unsets the setuid bits
of a file when its ownership is changed.

					Evelyn C. Leeper
					(201) 957-2070
				UUCP:	ihnp4!mtgzy!ecl
				ARPA:	mtgzy!ecl at rutgers.rutgers.edu



More information about the Comp.unix.questions mailing list