Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!rice!uupsi!cmcl2!panix!zink From: zink@panix.uucp (David Zink) Newsgroups: comp.unix.internals Subject: Re: rock-and-roll [Re: Retaining file permissions] [long] Message-ID: <1991Mar8.004700.27664@panix.uucp> Date: 8 Mar 91 00:47:00 GMT References: <1991Mar6.234727.23298@athena.mit.edu> <10710@dog.ee.lbl.gov> <7431@mentor.cc.purdue.edu> <12596:Mar707:44:2791@kramden.acf.nyu.edu> Sender: zink@panix.uucp (David Zink) Followup-To: alt.fan.dan.bernstein,alt.flame Organization: PANIX - Public Access Unix Systems of NY Lines: 46 brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes: (About not-clearing suid bits upon writes to non-executable files) > Contentions about theoretical behavior are cute, but this is the real > world. Machines have real users who make real mistakes. Your proposed > change that would increase the chance of mistakes and has no obvious > advantages. It should never be adopted. You pedantic twit. Try your example in the real world and see what happens. > Joe compiles a setuid program and sets it up: > Sally, in the same group and doing work in the same directory, writes Joe is the J prompt and Sally is the S prompt. J> cc -o foo foo.c J> chmod u+s foo S> find /etc -print > foo J> # oops, umask is 002, better keep that file safe from carelessness by group Of course, umask is obviously 013, at least. J> chmod g-w foo J> # and make it available... J> chmod g+x foo > Please stop blabbering about security holes now. > ---Dan Now fix all the security holes as per Dan's perfect world. J> cc -o foo foo.c S> find /etc -print > foo J> # oops, umask is 002, better keep that file safe from carelessness by group Of course, umask is obviously 013 J> chmod g-w foo J> chmod u+s foo J> # and make it available... J> chmod g+x foo Please stop blabbering now. ---David Unix is _not_ designed to protect stupid users from their stupidity. It is designed to make useful work possible. For added fun, have joe set umask 022 before starting. No hole in either case. _I_ know, setting suid should delete executable files, that'll make Dan happy.