Problems with turning off setuid

utzoo!decvax!ucbvax!unix-wizards utzoo!decvax!ucbvax!unix-wizards
Fri Sep 11 21:24:48 AEST 1981


>From decvax!duke!unc!smb at Berkeley Fri Sep 11 21:12:41 1981
In-real-life: Steven M. Bellovin
Location: University of North Carolina at Chapel Hill

Although I feel that Berkeley's practice is indeed a reasonable
protection scheme, it can cause problems.  For example, I sometimes
create setuid programs that have group-write permission.  To test a
new version, I can just copy the file into it, without having to 'su'
each time.  Assuming that /etc/group is secure (or no less secure than
/etc/passwd, at any rate), there is no security risk.



More information about the Comp.unix.wizards mailing list