Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!csus.edu!beach.csulb.edu!nic.csu.net!csun!kithrup!sef
From: sef@kithrup.COM (Sean Eric Fagan)
Newsgroups: comp.unix.wizards
Subject: Re: should Unix refuse to execute writable binaries?
Message-ID: <1991Mar03.013731.5361@kithrup.COM>
Date: 3 Mar 91 01:37:31 GMT
References: <1991Mar2.193639.21105@tandem.com>
Organization: Kithrup Enterprises, Ltd.
Lines: 15

In article <1991Mar2.193639.21105@tandem.com> ernest@pegasus.dsg.tandem.com (Ernest Hua) writes:
>Should the Unix kernel refuse to execute binaries (or scripts) that are ...
>
>  1.  setuid-ed plus group and/or world writable?
>  2.  setgid-ed plus world writable?
>
>It seems like a simple check that should help ensure a more secure Unix.

What appears to be done more often is to have writes clear the SUID and/or
SGID bits (unless the writer is root or the owner?).  Even that one I have
problems with.

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef@kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.
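
The two conditions listed in the quoted question, written as a userland audit of a directory tree rather than a kernel check. This is an added example, not part of the original post; the function names `risky_mode` and `scan` are hypothetical.

```python
import os
import stat
import sys


def risky_mode(mode):
    """Return 1 or 2 for the rule from the quoted question that `mode`
    matches, or None. Only regular files are considered."""
    if not stat.S_ISREG(mode):
        return None
    # Rule 1: setuid plus group and/or world writable.
    if mode & stat.S_ISUID and mode & (stat.S_IWGRP | stat.S_IWOTH):
        return 1
    # Rule 2: setgid plus world writable.
    if mode & stat.S_ISGID and mode & stat.S_IWOTH:
        return 2
    return None


def scan(root):
    """Walk `root` and return sorted (path, rule, permission string) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                # lstat: judge the entry itself, never a symlink's target.
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry; skip it
            rule = risky_mode(st.st_mode)
            if rule is not None:
                findings.append((path, rule, stat.filemode(st.st_mode)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py [directory]   (defaults to the current directory)
    for path, rule, perms in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"rule {rule}: {perms} {path}")
```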