Path: utzoo!censor!geac!torsqnt!hybrid!scifi!bywater!uunet!bria!mike
Newsgroups: comp.unix.wizards
Subject: Re: should Unix refuse to execute writable binaries?
Message-ID: <500@bria>
Date: 3 Mar 91 03:08:47 GMT
References: <1991Mar2.193639.21105@tandem.com| <1991Mar2.235521.27@ico.isc.com>
Reply-To: uunet!bria!mike
Organization: MGI Group International, Los Angeles, CA
Lines: 22
Followup-To:
Keywords:

In an article, ico.isc.com!rcd (Dick Dunn) writes:
|ernest@pegasus.dsg.tandem.com (Ernest Hua) writes:
|| Should the Unix kernel refuse to execute binaries (or scripts) that are ...
||     1.  setuid-ed plus group and/or world writable?
||     2.  setgid-ed plus world writable?
|
|I see two levels at which the answer ought to be "no".
|1.  The pedantic rote answer is "no, because the kernel isn't supposed to
|    be in the business of making [that sort of] policy decision."
|2.  A practical answer is "no, because the situation is more complicated
|    than that."  The restrictions required to keep the least experienced
|    users from hurting themselves may be more than the most experienced
|    users want to put up with.

Good points.  Another reason that I would avoid this restriction is because
some developers (keeping myself in mind, primarily :-) like to modify the
executable itself for various and sundry purposes.
-- 
Michael Stefanik, MGI Inc., Los Angeles| Opinions stated are not even my own.
Title of the week: Systems Engineer    | UUCP: ...!uunet!bria!mike
-------------------------------------------------------------------------------
Remember folks: If you can't flame MS-DOS, then what _can_ you flame?