Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!sun-barr!ccut!wnoc-tyo-news!astemgw!icspub!rdmei!ptimtc!nntp-server.caltech.edu!madler
From: madler@nntp-server.caltech.edu (Mark Adler)
Newsgroups: comp.sys.next
Subject: Re: modem setup
Message-ID: <1991Mar27.171758.138@nntp-server.caltech.edu>
Date: 27 Mar 91 17:17:58 GMT
References: <rm6frdm@rpi.edu> <hc7f.g_@rpi.edu> <1991Mar27.070424.28119@nntp-server.caltech.edu>
Organization: California Institute of Technology, Pasadena
Lines: 25


From my own recent posting:
>> leave the permissions on /dev/cu* the same, but made the owner of
>> kermit uucp (chown uucp kermit), and then gave kermit the privileges
>> of its owner (chmod u+s kermit).  Kermit has code in it to prevent
>> these privileges from applying to files that are read or written.

Sam Finn just pointed out to me, correctly, that version 4E of C-Kermit
does not have that special code, so you should use the setuid trick
only with version 5A or later.  From the ckuker.ann file:

Summary of C-Kermit changes from 4E(072) to 5A(158)

...

  Improved use of UUCP lockfiles.
  Improved operation and security when run setuid.

The bit about UUCP lockfiles is why I think setuid is the kosher way
to do it (with 5A), since access to the /dev/cu* devices should be
restricted to programs that properly handle the uucp lock files.
These programs include uucp, cu, tip, and kermit.

Mark Adler
madler@pooh.caltech.edu