Aucbvax.2984
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Tue Sep  8 02:58:51 1981
union of effective and real permissions with setuid
>From Wales@UCLA-SECURITY Mon Sep  7 23:44:38 1981
My first reaction to the suggestion that setuid programs have permissions
which are the union of the real and effective uids' permissions is that
it will complicate the UUCP situation.

Most setuid programs, it is true, are setuid in order to give the invoker
some permissions which he did not previously have (e.g., access or modify
a critical file in a controlled fashion).  These programs would probably
benefit from the "union" mod -- assuming they were setuid to something
other than root; a setuid-to-root program already has all the permissions
in the world anyway.

The UUCP programs, on the other hand, are setuid in order to RESTRICT the
invoker's abilities.  Above all, you DON'T want UUCP et al. to have the
permissions of the superuser (that's why they are setuid to "uucp" rather
than "root").  If I understand your suggestion correctly, a "uucico" spun
off by "cron" (which, in Berkeley UNIX at least, is executed as root)
would have superuser permissions (real uid = "root") as well as "uucp"
permissions (effective uid = "uucp").  This, I feel, is unacceptable.

I realize that this is a complex issue, because some setuid programs (owned
by someone other than root) might want the real uid's permissions, and some
might not.  If this "union" mod gets put in, there had better be a reasonable
way that a program like UUCP can specify that it wants ONLY the effective
uid's permissions.

-- Rich Wales
-------

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.

You are viewing proxied material from gopher.quux.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.