Aucbvax.3101
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Fri Sep 11 21:24:48 1981
Problems with turning off setuid
>From decvax!duke!unc!smb@Berkeley Fri Sep 11 21:12:41 1981
In-real-life: Steven M. Bellovin
Location: University of North Carolina at Chapel Hill

Although I feel that Berkeley's practice is indeed a reasonable
protection scheme, it can cause problems.  For example, I sometimes
create setuid programs that have group-write permission.  To test a
new version, I can just copy the file into it, without having to 'su'
each time.  Assuming that /etc/group is secure (or no less secure than
/etc/passwd, at any rate), there is no security risk.

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.

You are viewing proxied material from gopher.quux.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.