Guide to writing secure setuid programs?
Rob McMahon
cudcv at daisy.warwick.ac.uk
Sun Mar 27 05:01:42 AEST 1988
In article <8468 at eddie.MIT.EDU> jbs at eddie.MIT.EDU (Jeff Siegal) writes:
|In article <7616 at oberon.USC.EDU> blarson at skat.usc.edu (Bob Larson) writes:
|>about setuid lp programs.
|Setting the directory mode to 777 by itself doesn't let anyone modify
|or read anything. All it allows people do is:
|
| 1. List the file names in the directory
| 2. Access files in the dirctory _according_to_their_modes.
| 3. Remove files from the directory.
4. Add files (or links) to the directory.
If you're not careful Joe User can get files printed out which he has no
read permission to by making links, symbolic links, into this directory.
Rob
--
UUCP: ...!mcvax!ukc!warwick!cudcv PHONE: +44 203 523037
JANET: cudcv at uk.ac.warwick.cu ARPA: cudcv at cu.warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
More information about the Comp.unix.wizards
mailing list