Which commands (in /bin & /usr/bin) must have set user ID (for root)

Doug Gwyn gwyn at brl-smoke.ARPA
Wed Oct 22 02:20:48 AEST 1986


In article <1040 at ho95e.UUCP> wcs at ho95e.UUCP (Bill Stewart 1-201-949-0705 ihnp4!ho95c!wcs HO 2G202) writes:
>What surprised me about the list Jim replied with was that most of the commands
>were -rws......!  Why should a setuid command *ever* be writeable? - it's just
>*inviting* attempts to find a bug and convince the command to write over itself.

The "write" access bit on a file owned by "root" is essentially a no-op,
since the super-user (or a privileged process) could write the file anyway.
It doesn't create any additional security problem that I can see.



More information about the Comp.unix.wizards mailing list