Xref: utzoo comp.unix.questions:14774 comp.unix.wizards:17182
Path: utzoo!attcan!uunet!cs.utexas.edu!rutgers!att!ulysses!andante!alice!wilber
From: wilber@alice.UUCP (Bob Wilber)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Re: at files and permissions
Message-ID: <9583@alice.UUCP>
Date: 7 Jul 89 23:11:29 GMT
Organization: AT&T Bell Laboratories, Murray Hill NJ
Lines: 17

Chris Lewis writes:
>"at" needs setuid root permissions so that it can write in the cron/at
>spool directories.

Actually, "at" shouldn't have to run setuid to root. A special user (say,
"Mr.At") should be created to own the at spool directory, and "at" should run
setuid to Mr.At. That way if someone discovers a security hole in "at" he only
gains the power to delete other people's at files, he doesn't get to play
super user.

The real reason "at" is run setuid to root on System V is because of the
infamous System V setuid(2) bug, wherein a process with a non-root effective id
is not able to setuid to its real id if that real id is root. Because of this
bug "at" must be run setuid to root so that root can use it.

Bob Wilber
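
Added example, not part of the original post: a small C audit that compares how a spool-writing program such as "at" is installed against the ownership of its spool directory, separating setuid-root installs from the dedicated-owner arrangement described above. The names `verdict` and `audit_ids` are hypothetical, and both paths are supplied by the caller.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

enum verdict {
    SPOOL_WORLD_WRITABLE,  /* spool directory is not protected at all */
    NOT_SETUID,            /* program runs with the caller's ids */
    SETUID_ROOT,           /* a hole in the program yields super user */
    SETUID_SPOOL_OWNER,    /* dedicated owner: a hole exposes only the spool */
    SETUID_MISMATCH        /* setuid to a user that does not own the spool */
};

/* Classify an install from the owner and mode bits of program and spool. */
enum verdict audit_ids(uid_t bin_uid, mode_t bin_mode,
                       uid_t spool_uid, mode_t spool_mode)
{
    if (spool_mode & S_IWOTH)
        return SPOOL_WORLD_WRITABLE;
    if (!(bin_mode & S_ISUID))
        return NOT_SETUID;
    if (bin_uid == 0)
        return SETUID_ROOT;
    return bin_uid == spool_uid ? SETUID_SPOOL_OWNER : SETUID_MISMATCH;
}

int main(int argc, char **argv)
{
    static const char *text[] = { "spool world-writable", "not setuid",
        "setuid root", "setuid to spool owner", "setuid to non-owner of spool" };
    struct stat bin, spool;
    if (argc != 3 || stat(argv[1], &bin) != 0 || stat(argv[2], &spool) != 0) {
        fprintf(stderr, "usage: %s <program> <spool-dir>\n", argv[0]);
        return 2;
    }
    enum verdict v = audit_ids(bin.st_uid, bin.st_mode, spool.st_uid, spool.st_mode);
    printf("%s\n", text[v]);
    return v == SETUID_SPOOL_OWNER ? 0 : 1;   /* nonzero exit flags a finding */
}
```

The exit status is 0 only for the dedicated-owner arrangement, so the check can be dropped into a host audit script.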