Guide to writing secure setuid programs?

Stephen J. Friedl friedl at vsi.UUCP
Mon Mar 14 14:50:55 AEST 1988


In article <8468 at eddie.MIT.EDU>, jbs at fenchurch.MIT.EDU (Jeff Siegal) writes:
> Setting the directory mode to 777 by itself doesn't let anyone modify
> or read anything.  All it allows people to do is:
> 
> 	1. List the file names in the directory
> 	2. Access files in the directory _according_to_their_modes.
> 	3. Remove files from the directory.

You missed at least two:

	4. Rename files
	5. Add new files

What if you see a job ready to print?  You know payroll will be printing
checks soon so you make up a file of your own checks.  When you see it
in the queue you remove theirs and insert yours.

Another one: your system's laser printer has usage accounting built
into the spooler.  You make up your own spooler files and stick them
in the directory directly.  The despooler never knows the difference.

The set-sticky-bit-on-directory fix will be available for SVR3.2
from AT&T soon.  If this is done, you can only unlink files
if you own the file or own the directory.  This largely fixes the
above problems in the manner of BSD.

-- 
Steve Friedl, KA8CMY      ARPA/CSNet:  friedl at vsi.uu.net       *Hi Mom*
uucp email : { kentvax, uunet, attmail, ihnp4!amdcad!uport }!vsi!friedl
"Too bad we judge others by their actions and ourselves by our motives"

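An added example, not part of the original post: a Python model of the removal rule described above (directory write access alone decides, unless the sticky bit limits it to the file's owner or the directory's owner), plus an audit that lists world-writable directories lacking the sticky bit. The function names and the sample uids are assumptions made for illustration, and only the classic mode bits are modelled (no ACLs or capabilities).

```python
import os
import stat
from types import SimpleNamespace


def dir_writable_by(dir_st, uid, gids=()):
    """True if uid has write+search permission on the directory (mode bits only)."""
    if uid == dir_st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (dir_st.st_mode & need) == need


def can_unlink(dir_st, file_st, uid, gids=()):
    """May uid remove or rename this entry? The file's own mode is never consulted."""
    if uid == 0:
        return True
    if not dir_writable_by(dir_st, uid, gids):
        return False
    if dir_st.st_mode & stat.S_ISVTX:
        # Sticky directory: only the file's owner or the directory's owner.
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def risky_dirs(root):
    """Directories under root that are world-writable and lack the sticky bit."""
    hits = []
    for path, _dirs, _files in os.walk(root):
        mode = os.lstat(path).st_mode
        if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
            hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: a root-owned spool directory and a queued job owned by uid 100.
    job = SimpleNamespace(st_mode=stat.S_IFREG | 0o600, st_uid=100, st_gid=100)
    for perms in (0o777, 0o1777):
        spool = SimpleNamespace(st_mode=stat.S_IFDIR | perms, st_uid=0, st_gid=0)
        print(oct(perms), "uid 200 may remove uid 100's job:", can_unlink(spool, job, 200))
    # Adding new files (item 5) needs only directory write access, sticky or not.
```

Calling `risky_dirs` on a spool tree returns the directories where any local user can remove or rename another user's queued files.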

