Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!helios!bcm!rice!uw-beaver!milton!dali.cs.montana.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!haven!adm!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.shell
Subject: Re: Retaining file permissions
Message-ID: <6227:Mar201:22:4391@kramden.acf.nyu.edu>
Date: 2 Mar 91 01:22:43 GMT
References: <7120@mentor.cc.purdue.edu> <1991Feb2 <1991Mar1.173548.8371@athena.mit.edu>
Organization: IR
Lines: 10

Rather than thinking about security holes, think about user mistakes. If
the kernel turns off the setuid bit upon write, it is much less likely
for a setuid program to be accidentally corrupted than it would be
otherwise. End of discussion.

(User mistakes aren't always the end of the story; sometimes you have to
consider denial-of-service attacks before you see why something reduces
security. But this case is relatively simple.)

---Dan