Pwd Security Concern

Randy King rjk at mgweed.UUCP
Wed Oct 5 06:10:42 AEST 1983


I have a few applications that will be running setuid or setgid
owned by user "foo" and group "bar", respectively.  On occasion,
these programs need to execute "pwd" in the current directory
owned by "xyz" where neither user "foo" nor group "bar" has any
permissions nor permissions in the parent.

As is, pwd will error with:  pwd: cannot stat .!  (obviously).
After looking at the code, there appear to be no loopholes, so I
am proposing to setuid root on /bin/pwd.  I don't see any security
problem with doing that.  Any thoughts or comments on that proposal?

						Randy King
						ihnp4!mgweed!rjk
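
For comparison with the setuid-root proposal in the message above, an added example (not part of the original post) of a setuid program resolving its working directory in a child that has dropped to the real uid and gid, so /bin/pwd needs no extra privilege. It assumes the invoking user, unlike "foo" and "bar", has the permissions the lookup needs; `cwd_as_real_user` is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical helper (added example): look up the cwd in a child that runs
 * with the REAL uid/gid. Assumes the invoking user can search "." and read
 * its ancestors. Returns 0 and fills buf on success, -1 on any failure. */
int cwd_as_real_user(char *buf, size_t len)
{
    int fds[2], status;
    pid_t pid;
    size_t total = 0;
    ssize_t n;
    char extra;

    if (len == 0 || pipe(fds) < 0) return -1;
    pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                        /* child: shed privilege first */
        char path[4096];
        close(fds[0]);
        /* Drop group before user; once the uid is gone setgid may fail. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0) _exit(2);
        if (geteuid() != getuid() || getegid() != getgid()) _exit(2);
        if (getcwd(path, sizeof path) == NULL) _exit(1);
        if (write(fds[1], path, strlen(path)) < 0) _exit(1);
        _exit(0);
    }
    close(fds[1]);                         /* parent keeps its effective ids */
    while (total < len - 1 && (n = read(fds[0], buf + total, len - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    /* Anything still unread means the path did not fit: report failure. */
    if (read(fds[0], &extra, 1) > 0) total = 0;
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0 && total > 0) ? 0 : -1;
}

int main(void)
{
    char cwd[4096];
    if (cwd_as_real_user(cwd, sizeof cwd) != 0) {
        fprintf(stderr, "cannot determine working directory\n");
        return 1;
    }
    printf("%s\n", cwd);
    return 0;
}
```

The parent's effective uid and gid are untouched, since only the forked child gives them up.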


