Path: utzoo!news-server.csri.toronto.edu!rutgers!njin!uupsi!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: rock-and-roll [Re: Retaining file permissions] [long]
Message-ID: <12596:Mar707:44:2791@kramden.acf.nyu.edu>
Date: 7 Mar 91 07:44:27 GMT
References: <1991Mar6.234727.23298@athena.mit.edu> <10710@dog.ee.lbl.gov> <7431@mentor.cc.purdue.edu>
Distribution: usa
Organization: IR
Lines: 25

In article <7431@mentor.cc.purdue.edu> asg@sage.cc.purdue.edu (Bruce Varney) writes:
> My contention is that it is no longer necessary to clear the suid
> bit on NON-EXECUTABLE FILES!

Joe compiles a setuid program and sets it up:

  cc -o foo foo.c
  chmod u+s foo
  # oops, umask is 002, better keep that file safe from carelessness by group
  chmod g-w foo
  # and make it available...
  chmod g+x foo

Sally, in the same group and doing work in the same directory, writes
something to foo after the setuid bit has been turned on. Guess what?
In your world, foo is still setuid.

Contentions about theoretical behavior are cute, but this is the real
world. Machines have real users who make real mistakes. Your proposed
change would increase the chance of mistakes and has no obvious
advantages. It should never be adopted. Please stop blabbering about
security holes now.

---Dan
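Added example, not part of the original post: an audit for the state Joe's sequence passes through, a setuid regular file that group or other can still write. The function names and the temporary file are constructed for illustration, and an empty file with mode 775 stands in for the output of `cc -o foo foo.c` under umask 002.

```shell
#!/bin/sh
# Added illustration; function names and the temp file are hypothetical.

# Print every setuid regular file under DIR that group or other may write.
risky_setuid() {
    find "$1" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) -print
}

# Replay the chmod sequence from the post on a constructed file and report,
# after each step, whether the file is setuid and still writable by others.
replay_joe() {
    dir=$(mktemp -d) || return 1
    f="$dir/foo"
    : > "$f"
    chmod 775 "$f"    # stand-in for a binary built by cc under umask 002
    for step in u+s g-w g+x; do
        chmod "$step" "$f"
        if [ -n "$(risky_setuid "$dir")" ]; then
            state=RISKY
        else
            state=ok
        fi
        echo "chmod $step: $state"
    done
    rm -rf "$dir"
}

# With no argument, replay the sequence; with a directory, audit it.
if [ $# -eq 0 ]; then
    replay_joe
else
    risky_setuid "$1"
fi
```

Only the step right after `chmod u+s` is reported as RISKY, which is the window in which Sally's write lands; reordering the commands so `chmod g-w` runs first closes it.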