Apur-ee.134
fa.unix-wizards
utzoo!decvax!pur-ee!bruner
Fri Sep 11 11:06:07 1981
setuid cleared on write
I don't, in general, like systems that "hold my hand" either.  I
personally don't like having setuid/setgid cleared when a file is
written under any circumstances.  However, in a university environment
with over two thousand undergraduate accounts, some provisions must
be made for the novice user.  I'm not concerned that a system staff
member will leave a setuid root file world writable.  However, I have
seen students create mode 4777 files (even though the umask is 022)
so that their friends can use their accounts.  A malicious user will
usually wreak havoc using an account other than his own (to avoid
detection).  It is necessary, in this environment, to protect novice
users from themselves.  Given this assumption, I was suggesting a
solution which preserves as much flexibility as possible.

System crashers have incredible amounts of time to go searching for
writable setuid files or to try out every possible way to crash a
setuid program.  (For that reason, I suggest that we either don't
bring up security topics in "unix-wizards", or we specify exactly
what the problem is when a security "hole" is detected.  If a "hacker"
and a system staff member read the same "news" entry hinting at a
security hole, it will probably be the hacker who figures it out
first because he's got "all of the time in the world".  Note also that
inter-machine mail isn't secure because the files are world-readable,
so private correspondence about security problems should be done by
some other means.)  I don't like solutions which restrict access
or flexibility, and I certainly don't like hacks in the kernel,
but in cases like this one I can see no alternative.

--John
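
An added example, not part of the original post: a small audit for the mode 4777 case described above. It reports regular files that carry setuid/setgid and are writable by group or other, and can strip the set-id bits from them. The function name, the file names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_setid_writable(root, fix=False):
    """Return [(path, octal_mode)] for set-id regular files writable by group/other.

    With fix=True, also strip the setuid/setgid bits from each finding.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & SETID and mode & LOOSE_WRITE:
                findings.append((path, oct(mode)))
                if fix:
                    os.chmod(path, mode & ~SETID)  # keep rwx bits, drop set-id
    return sorted(findings)


def demo():
    """Build a constructed sample tree, audit and fix it, then audit again."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"shared_shell": 0o4777, "staff_tool": 0o4755, "notes": 0o666}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
            os.chmod(path, mode)  # an explicit chmod is not filtered by the umask
        found = audit_setid_writable(root, fix=True)
        after = audit_setid_writable(root)
        return [(os.path.basename(p), m) for p, m in found], after


if __name__ == "__main__":
    print(demo())
```

Only the 4777 file is flagged: the 4755 file is set-id but not writable by others, and the 666 file is writable but not set-id.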

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.