Xref: utzoo alt.security:731 comp.protocols.tcp-ip:11526 alt.sys.sun:935 Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!uwvax!dogie.macc.wisc.edu!uakari.primate.wisc.edu!aplcen!unmvax!sci.ccny.cuny.edu!cucard!dasys1!cooper!phri!sci.ccny.cuny.edu!rpi!zaphod.mps.ohio-state.edu!usc!cs.utexas.edu!uunet!crdgw1!sixhub!davidsen From: davidsen@sixhub.UUCP (Wm E. Davidsen Jr) Newsgroups: alt.security,comp.protocols.tcp-ip,alt.sys.sun Subject: Re: anonymous ftp, and the dangers thereof Message-ID: <790@sixhub.UUCP> Date: 3 Jun 90 08:28:53 GMT References: <6703@blake.acs.washington.edu> <1990Apr20.192233.4092@utzoo.uucp> <6721@blake.acs.washington.edu> Reply-To: davidsen@sixhub.UUCP (bill davidsen) Followup-To: alt.security Organization: *IX Public Access UNIX, Schenectady NY Lines: 22 In article <6721@blake.acs.washington.edu> mrc@Tomobiki-Cho.CAC.Washington.EDU (Mark Crispin) writes: | We are talking about no "setuid" | programs; in its place are new unprivileged system calls which make | the necessary checks. That's nice in the far future, but I'll take what I have and understand, carefully used. I'm perfectly content to have user programs use setuid (not to root, thanks) to control access to things like databases and other user owned resources. I think you could get a few good theses from thrying to design something better than having the owner of the resource provide a setuid program to provide access. The problem has been that vendors have been to cheap, lazy, or incompetent to provide services by means other than using setuid root for things. I regard about 30% of what most vendors do as being the result of lazyness (not that this implies a security hole in that many cases, but a lack of elegance). -- bill davidsen - davidsen@sixhub.uucp (uunet!crdgw1!sixhub!davidsen) sysop *IX BBS and Public Access UNIX moderator of comp.binaries.ibm.pc and 80386 mailing list "Stupidity, like virtue, is its own reward" -me