Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!emory!gatech!bloom-beacon!eru!hagbard!sunic!kullmar!pkmab!ske
From: ske@pkmab.se (Kristoffer Eriksson)
Newsgroups: comp.unix.internals
Subject: Re: Complex security mechanism is unsecure (was Re: non-superuser chown(2)s considered harmful)
Message-ID: <4627@pkmab.se>
Date: 12 Dec 90 18:01:26 GMT
References: <1990Dec7.171501.18028@mp.cs.niu.edu> <18792@rpp386.cactus.org> <6874@titcce.cc.titech.ac.jp>
Organization: Peridot Konsult i Mellansverige AB, Oerebro, Sweden
Lines: 19

In article <6874@titcce.cc.titech.ac.jp> mohta@necom830.cc.titech.ac.jp (Masataka Ohta) writes:
>In general, making some application set-uid to root is more secure
>than making it set-uid to, say, uucp.
>
>In the latter case, you must be careful that no unauthorized person can
>have uucp nor root priviledge.

But that is fairly easy to prevent for a non-user account. Just make it
impossible to login to that account.

(If, in stead, you break into that account by using some bug in some
set-uid program owned by that account, then it wouldn't exactly be more
secure to have that program owned by root, so that is no way to avoid my
argument.)

-- 
Kristoffer Eriksson, Peridot Konsult AB, Hagagatan 6, S-703 40 Oerebro, Sweden
Phone: +46 19-13 03 60  !  e-mail: ske@pkmab.se
Fax:   +46 19-11 51 03  !  or ...!{uunet,mcsun}!sunic.sunet.se!kullmar!pkmab!ske