Problems with turning off setuid
utzoo!decvax!ucbvax!unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Fri Sep 11 21:43:04 AEST 1981
>From decvax!duke!unc!smb at Berkeley Fri Sep 11 21:32:44 1981
In-real-life: Steven M. Bellovin
Location: University of North Carolina at Chapel Hill
Although I feel that Berkeley's practice is indeed a reasonable
protection scheme, it can cause problems. For example, I sometimes
create setuid programs that have group-write permission. To test a
new version, I can just copy the file into it, without having to 'su'
each time. Assuming that /etc/group is secure (or no less secure than
/etc/passwd, at any rate), there is no security risk.
More information about the Comp.unix.wizards
mailing list