Guide to writing secure setuid programs?

Doug Gwyn gwyn at brl-smoke.ARPA
Sun Mar 20 11:16:11 AEST 1988


In article <3098 at pegasus.UUCP> hansen at pegasus.UUCP (XT1554000-Tony L. Hansen;LZ 3B-315;6243) writes:
>This enhancement was also put into System V release 3.2. Also, the /tmp and
>/usr/tmp directories are shipped as mode 1777. This was just one of the
>modifications made in that release to make the UNIX System more secure.

How well does this work in practice?  Due to the large number of
utilities that fail to properly clean up their tmp files, often
the system administrator ends up having to periodically clean out
/tmp and /usr/tmp.  With this new scheme, he'll have to become
superuser to do this, unless a privileged operator-executable
cleanup utility is provided (or the system is rebooted and does
this on each reboot).



More information about the Comp.unix.wizards mailing list