/usr/spool/mail, setuid/setgid bits, a meta-comment, and more.
utzoo!decvax!ucbvax!unix-wizards
Tue Sep 8 11:22:44 AEST 1981
From IngVAX.eric at Berkeley Tue Sep 8 11:13:57 1981
First of all, as a UNIX hacker for many years now, having
worked with versions 4, 5, 6, 7, 32V, 1BSD, 2BSD, 3BSD, 2.8BSD, 4BSD,
4.1BSD, PWB1.0, and a few others, I feel that clearing the setuid
and setgid bits when the inode is touched is appropriate, and that
this belongs in the kernel. Why is this any worse than the chown
syscall being disabled for the original owner of a file (you used
to be able to give away files), disabled in version 6 so as not to
"defeat the (nonexistent) file-space accounting procedures"? The
set?id bits are powerful, and this is an appropriate security
measure.
However, you can break into su without using the setuid bits,
and without having /etc and /usr/spool/mail on the same device;
in fact, without using any fancy features at all. However, I
feel that it is inappropriate for me to send the technique to
a mailing list of this huge distribution, given the number of
systems that have this problem -- however I am willing to send
individual explanations to responsible system gurus (i.e.,
real UNIX wizards).
By the way, I obviously agree with the argument that this list has
been too widely distributed -- there are things (such as this)
which should not get wide distribution -- and I believe that in
the initial days of this list, that was intended to be a goal.
Too bad.....
Finally, you can configure Berkeley "Mail" quite trivially to
truncate rather than unlink the mail file.
eric
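Added example, not part of eric's message or of Berkeley Mail: a small C program showing the two points his note rests on. The truncate-versus-unlink half empties a scratch "mailbox" both ways and reports what a second hard link to it sees afterwards: unlink-and-recreate binds the name to a brand-new inode and leaves the old one (still full, still owned as before) reachable through any other link, while truncate keeps the name bound to the same inode and empties it for every link. The setuid half sets the setuid bit on a file we own, writes to it, and reports whether the bit survived; the answer depends on the kernel and on the writer's privilege (modern Linux clears it for an unprivileged writer and leaves it for root), which is the behaviour the first paragraph argues belongs in the kernel. Assumptions: /tmp is writable and supports hard links; the sample mail text is constructed; the Mail option that selects truncation is, to my recollection of later BSD Mail manuals, `set keep`, and is not named in the post.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample mailbox content; not real mail. */
#define SAMPLE_MAIL "From eric Tue Sep  8 11:13:57 1981\nhi\n"

/* What a second hard link to the mailbox observes after it was emptied. */
struct outcome {
    int same_inode;   /* 1 if the mailbox name still refers to the original inode */
    long alias_size;  /* size seen through the other hard link afterwards */
    long alias_links; /* link count seen through the other hard link afterwards */
};

/* Create a scratch "mailbox" with sample content and a second hard link to it.
 * Uses /tmp, which is an assumption about the host. */
static int make_box(char *box, size_t boxlen, char *alias, size_t aliaslen) {
    char tmpl[] = "/tmp/mboxdemo.XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (write(fd, SAMPLE_MAIL, strlen(SAMPLE_MAIL)) != (ssize_t)strlen(SAMPLE_MAIL)) {
        close(fd); unlink(tmpl); return -1;
    }
    close(fd);
    snprintf(box, boxlen, "%s", tmpl);
    snprintf(alias, aliaslen, "%s.alias", tmpl);
    if (link(box, alias) != 0) { unlink(box); return -1; }
    return 0;
}

/* Strategy 1: remove the mailbox and create a fresh, empty one under the same name. */
static int empty_by_unlink(const char *box) {
    if (unlink(box) != 0) return -1;
    int fd = open(box, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Strategy 2: truncate the existing mailbox in place (what "set keep" selects). */
static int empty_by_truncate(const char *box) {
    return truncate(box, 0);
}

/* Empty a scratch mailbox with the given strategy and record what the
 * second hard link sees. Returns 0 on success, -1 on error. */
static int run_demo(int (*empty)(const char *), struct outcome *out) {
    char box[64], alias[80];
    struct stat before, after, via_alias;
    int rc = -1;
    if (make_box(box, sizeof box, alias, sizeof alias) != 0) return -1;
    if (stat(box, &before) == 0 && empty(box) == 0 &&
        stat(box, &after) == 0 && stat(alias, &via_alias) == 0) {
        out->same_inode = (before.st_ino == after.st_ino);
        out->alias_size = (long)via_alias.st_size;
        out->alias_links = (long)via_alias.st_nlink;
        rc = 0;
    }
    unlink(box);
    unlink(alias);
    return rc;
}

/* Set the setuid bit on a file we own, write to it, and report whether the
 * bit survived (1), was cleared (0), or the probe failed (-1). The answer is
 * kernel- and privilege-dependent: modern Linux clears it for an unprivileged
 * writer but not for root. */
static int setuid_bit_survives_write(void) {
    char tmpl[] = "/tmp/suiddemo.XXXXXX";
    struct stat st;
    int fd = mkstemp(tmpl), result = -1;
    if (fd < 0) return -1;
    if (fchmod(fd, S_ISUID | S_IRWXU) == 0 &&
        write(fd, "x", 1) == 1 && fstat(fd, &st) == 0)
        result = (st.st_mode & S_ISUID) ? 1 : 0;
    close(fd);
    unlink(tmpl);
    return result;
}

int main(void) {
    struct outcome u, t;
    if (run_demo(empty_by_unlink, &u) == 0)
        printf("unlink+create: same inode=%d, other link sees %ld bytes, %ld links\n",
               u.same_inode, u.alias_size, u.alias_links);
    if (run_demo(empty_by_truncate, &t) == 0)
        printf("truncate:      same inode=%d, other link sees %ld bytes, %ld links\n",
               t.same_inode, t.alias_size, t.alias_links);
    printf("setuid bit after write by uid %d: %d\n",
           (int)getuid(), setuid_bit_survives_write());
    return 0;
}
```

Run as an ordinary user: the unlink strategy reports a different inode with the other link still holding the full message at link count 1; the truncate strategy reports the same inode, zero bytes, link count 2. The last line shows 0 on a kernel that clears setuid on write for unprivileged writers.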