Aucbvax.4485
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Fri Oct 16 00:05:49 1981
details of dmr's solution
>From teklabs!tekmdp!azure!grahamr@Berkeley Thu Oct 15 21:47:28 1981
Does this table agree with Mr. Ritchie's solution?

                                process ids match:
                no file ids     file gid        file uid        both
                -----------     --------        --------        ----
setuid file:    no w access     no w access     use u w bit     use u w bit
setgid file:    no w access     use g w bit     no w access     use g w bit
both:           no w access     use g w bit     use u w bit     use u w bit

  The interesting cell in this table occurs where the file is owned by
the user and group who owns the process, yet the group protection bit is
used because the file is setgid and not setuid.  Is this right?  If so, it
makes me suspicious of the correctness of the whole bottom row.  For a
file which is both setuid and setgid, perhaps there should be no w access
except to processes with matching uid AND gid.  If this is right, then
perhaps in case both match, some combination of the u and g bits should
be used instead of the usual owner-first strategy (which I have used here).
The solution expressed in my table solves Mr. Bellovin's problem (at the
cost of making his program setgid as well as setuid).
  I certainly hope that whatever solutions are found to the real vs.
effective questions will simply apply across the board here.
  In my experience it's details like these that make or break a protection
strategy.  So speak up, dmr!  What did you mean?
                       -Graham Ross (duke!chico!teklabs!tekmdp!grahamr)
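
[Editor's worked example, not part of the original article and not Ritchie's
actual code: the decision table Graham Ross posts above, written out as a
C function so each cell can be exercised, plus the stricter variant he
floats for files that are both setuid and setgid.  The struct names, the
octal mode-bit values (taken from the classic stat.h layout), the uids and
gids, and the reading of "some combination of the u and g bits" as "both
write bits required" are all assumptions made here for illustration.]

```c
#include <stdbool.h>
#include <stdio.h>

/* Mode bits, laid out as in classic Unix stat.h (assumed values, not from the post). */
#define M_ISUID  04000   /* set-user-id on execution */
#define M_ISGID  02000   /* set-group-id on execution */
#define M_UWRITE 00200   /* owner write bit */
#define M_GWRITE 00020   /* group write bit */

/* Hypothetical minimal inode and process views; a real kernel carries far more. */
struct xfile { unsigned mode; int uid; int gid; };
struct xproc { int uid; int gid; };

/*
 * Write-permission decision for a set-uid and/or set-gid file, exactly as
 * in the table above: "owner-first" -- if the file is setuid and the uids
 * match, the owner write bit decides; else if the file is setgid and the
 * gids match, the group write bit decides; otherwise no write access.
 * Returns 1 (write allowed), 0 (denied), or -1 when the file is neither
 * setuid nor setgid, a case the table does not cover.
 */
int ross_w_access(const struct xfile *f, const struct xproc *p)
{
    bool setuid = (f->mode & M_ISUID) != 0;
    bool setgid = (f->mode & M_ISGID) != 0;

    if (!setuid && !setgid)
        return -1;
    if (setuid && f->uid == p->uid)
        return (f->mode & M_UWRITE) != 0;   /* "use u w bit" */
    if (setgid && f->gid == p->gid)
        return (f->mode & M_GWRITE) != 0;   /* "use g w bit" */
    return 0;                               /* "no w access" */
}

/*
 * The stricter variant the post floats for files that are both setuid and
 * setgid: require uid AND gid to match, and (one reading, assumed here, of
 * "some combination of the u and g bits") require both write bits as well.
 * Files with only one of the two bits set fall back to the table above.
 */
int strict_w_access(const struct xfile *f, const struct xproc *p)
{
    bool both = (f->mode & (M_ISUID | M_ISGID)) == (M_ISUID | M_ISGID);

    if (!both)
        return ross_w_access(f, p);
    if (f->uid != p->uid || f->gid != p->gid)
        return 0;
    return (f->mode & (M_UWRITE | M_GWRITE)) == (M_UWRITE | M_GWRITE);
}

/* Print the 3x4 table for a file (uid 10, gid 20) with both write bits set,
 * so the output can be compared cell by cell with the post's table. */
int main(void)
{
    static const char *rows[] = { "setuid file:", "setgid file:", "both:" };
    static const unsigned sbits[] = { M_ISUID, M_ISGID, M_ISUID | M_ISGID };
    static const char *cols[] = { "no file ids", "file gid", "file uid", "both" };
    /* constructed processes: no match, gid only, uid only, both match */
    static const struct xproc procs[] = { {99, 99}, {99, 20}, {10, 99}, {10, 20} };

    printf("%-14s", "");
    for (int c = 0; c < 4; c++)
        printf("%-14s", cols[c]);
    printf("\n");
    for (int r = 0; r < 3; r++) {
        struct xfile f = { sbits[r] | M_UWRITE | M_GWRITE, 10, 20 };
        printf("%-14s", rows[r]);
        for (int c = 0; c < 4; c++)
            printf("%-14s", ross_w_access(&f, &procs[c]) == 1 ? "w ok" : "no w");
        printf("\n");
    }
    return 0;
}
```

The "interesting cell" Ross points at is reproduced by ross_w_access: for a
setgid-only file whose owner and group both match the process, the group
write bit decides and the owner write bit is never consulted, so an owner
who has cleared the owner write bit but left the group write bit set can
still write the file.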

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.