UNIX file setuid sucurity hole?
ecl at mtgzy.UUCP
ecl at mtgzy.UUCP
Sat Mar 14 01:32:17 AEST 1987
In article <2168 at ncoast.uucp>, robertd at ncoast.uucp (Robert DeMarco) writes:
> I mean, couldn't someone who knows C alot write a program that is equivlent to
> "cat" that would display another users secret file. Then simply chmod the
> file to set to the owners ID apon execution? Then chown it to the owner.
> Then execute the command. Your uid will be set to the owner , who owns the
> file you wish to see.
Then, article <1772 at hi.uucp>, josh at hi.uucp (Josh Siegel) writes:
> I cannot be sure but don't you have to be root to use chown?
> If not, then yes... chown is a security hole. What operating
> system are you using that allows this?
Any operating system I have used (currently it's SVR2) unsets the setuid bits
of a file when its ownership is changed.
Evelyn C. Leeper
(201) 957-2070
UUCP: ihnp4!mtgzy!ecl
ARPA: mtgzy!ecl at rutgers.rutgers.edu
More information about the Comp.unix.wizards
mailing list