Xref: utzoo comp.unix.questions:14673 comp.unix.wizards:17122
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!iuvax!bsu-cs!dhesi
From: dhesi@bsu-cs.bsu.edu (Rahul Dhesi)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: at files and permissions
Message-ID: <8072@bsu-cs.bsu.edu>
Date: 5 Jul 89 15:39:33 GMT
References: <1894@cbnewsh.ATT.COM> <669@lzaz.ATT.COM>
Reply-To: dhesi@bsu-cs.bsu.edu (Rahul Dhesi)
Distribution: na
Organization: CS Dept, Ball St U, Muncie, Indiana
Lines: 13

In article <669@lzaz.ATT.COM> hutch@lzaz.ATT.COM (R.HUTCHISON) writes:
>If I wanted to be sneaky (and if "at" wasn't very smart), I could submit 
>a "nasty" at job, go to the spool directory, and change the file's owner 
>id to a target login and "at" would do the nasty to that login.  

The above problem does not occur in BSD, because BSD allows only root
to change file ownership.

When you discuss a security problem that is specific to System V,
please be sure to say so clearly, else you may confuse naive users.
-- 
Rahul Dhesi <dhesi@bsu-cs.bsu.edu>
UUCP:    ...!{iuvax,pur-ee}!bsu-cs!dhesi