Which commands (in /bin & /usr/bin) must have set user ID (for root)
#Bill.Stewart
wcs at ho95e.UUCP
Sat Oct 18 12:37:39 AEST 1986
In article <735 at hropus.UUCP> jrw at hropus.UUCP (Jim Webb) writes:
>>[Somebody else wrote..]
>> I currently have VAX 11/785s running AT&T UNIX V Release 2 Version 2.0.
>> I am wondering which commands in /bin and /usr/bin (owned by root, group is
>> sys) must have the set user ID, or set group ID on execution in order
>> to work correctly.
What surprised me about the list Jim replied with was that most of the commands
were -rws......! Why should a setuid command *ever* be writeable? - it's just
*inviting* attempts to find a bug and convince the command to write over itself.
Are there any commands that actually depend on this?
>-rwsr-xr-x 1 root sys 47197 Oct 20 1985 at
>-rwsr-xr-x 1 root sys 25093 Nov 5 1983 crontab
>at needs to talk to cron in a very specific manner.
I would expect you could write a good cron without setuid, since /etc/cron runs
as root? Likewise "at", since it's the other side of cron?
What irks me more, though, is that the "lp" commands all run setuid-lp
setgid-bin; this means that in a directory which lp can't access (e.g. 700),
    lp foo
fails, though
    lp <foo
is ok.
--
# Bill Stewart, AT&T Bell Labs 2G-202, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs
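
Added example, not part of the original post: a shell audit for the writable set-ID condition the post questions. It reports every set-UID or set-GID file that still carries a write bit. The function names and the two `constructed_*` entries are assumptions made for illustration; the `at` and `crontab` lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: flag set-ID files that are also writable.

# classify_modes: read `ls -l` lines on stdin; for each set-UID/set-GID entry
# print "<verdict> <mode> <owner> <name>". Name is taken as the last field,
# so paths containing whitespace are not handled.
classify_modes() {
    awk '{
        mode = $1
        suid = (substr(mode, 4, 1) ~ /[sS]/)   # owner-execute slot
        sgid = (substr(mode, 7, 1) ~ /[sS]/)   # group-execute slot
        if (!suid && !sgid) next
        w = ""
        if (substr(mode, 3, 1) == "w") w = w "owner,"
        if (substr(mode, 6, 1) == "w") w = w "group,"
        if (substr(mode, 9, 1) == "w") w = w "other,"
        sub(/,$/, "", w)
        verdict = (w == "") ? "OK" : ("WRITABLE(" w ")")
        print verdict, mode, $3, $NF
    }'
}

# audit_setid DIR...: list set-ID regular files under DIR and classify them.
# -H follows a symlinked directory given on the command line.
audit_setid() {
    find -H "$@" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} + 2>/dev/null | classify_modes
}

# Sample input: the two listing lines quoted in the post, plus two
# constructed entries (a read-only set-UID file and a plain file).
sample_listing() {
    cat <<'EOF'
-rwsr-xr-x 1 root sys 47197 Oct 20 1985 at
-rwsr-xr-x 1 root sys 25093 Nov 5 1983 crontab
-r-sr-xr-x 1 root sys 25093 Nov 5 1983 constructed_readonly
-rwxr-xr-x 1 root sys 25093 Nov 5 1983 constructed_plain
EOF
}

sample_listing | classify_modes
# To audit a live system instead: audit_setid /bin /usr/bin
```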