Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!ucsd!swrinde!cs.utexas.edu!uunet!virtech!cpcahil
From: cpcahil@virtech.UUCP (Conor P. Cahill)
Newsgroups: comp.unix.wizards
Subject: Re: Is there an FSDB Manual?
Message-ID: <1239@virtech.UUCP>
Date: 6 Oct 89 14:59:51 GMT
References: <1221@virtech.UUCP> <4960@cbnewsm.ATT.COM> <572@pd1.ccd.harris.com> <890@uniol.UUCP>
Distribution: comp
Organization: Virtual Technologies Inc
Lines: 19

In article <890@uniol.UUCP>, lehners@uniol.UUCP (Joerg Lehners) writes:
> Hello again !
> 
> I forgot a final word in my previous posting:
> 
> Executables without special privileges (ie. without s-bits) should
> never be security holes.
> Are such beast around ? If so if would like to hear about such things.

How about standard named executables without s-bits that are accidently
run by non-suspecting s-people.  like an "ls" in /tmp.  Chances are 
that it will be run by another user, maybe not root, but at least another
user.  Then you have that user's capabilities....

-- 
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      	703-430-9247	!
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170     |
+-----------------------------------------------------------------------+