compress and setting owner/group
Stephen Samuel
obed!steve at alberta.UUCP
Mon Jul 11 16:46:00 AEST 1988
>From article <23718 at teknowledge-vaxc.ARPA>, by mkhaw at teknowledge-vaxc.ARPA (Mike Khaw):
> the output file to match that of the input file. 4bsd's chown() allows
> only root to change the user; consequently on ultrix 2.2, the entire call
> .... Is compress safe to install as a setuid root program?
Generically, I'd say no, since, because compress can write to generic files,
it's a mistake to allow it to run setuid. Consider the following for a
system where /tmp and /etc are on the same filesystem:
cd /tmp
cp /etc/passwd ./pw
vi pw
<change the root passwd>
:x
compress pw
ln /etc/pw ./pw
compress -d pw.Z
result: One broken system...
More information about the Comp.unix.questions
mailing list