Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!romp!auschs!awdprime!greenber.austin.ibm.com!jfh
From: jfh@greenber.austin.ibm.com (John F Haugh II)
Newsgroups: comp.unix.aix
Subject: Re: It works everywhere else, but not on AIX
Message-ID: <6814@awdprime.UUCP>
Date: 18 Apr 91 20:13:19 GMT
References: <1991Apr15.182214.10391@ux1.cso.uiuc.edu> <313@crcaus.cactus.org> <1991Apr18.130033.1472@batcomputer.tn.cornell.edu>
Sender: news@awdprime.UUCP
Organization: Best Care South of the Red River, LCC, Austin, Republic of Texas
Lines: 26

In article <1991Apr18.130033.1472@batcomputer.tn.cornell.edu> shore@theory.tn.cornell.edu (Melinda Shore) writes:
|In article <313@crcaus.cactus.org> john@crcaus.UUCP (John R. Miller) writes:
|>Of course, it's simple
|>enough to correct: just un-suid df.
|
|The reason that df is setuid is so that it can read device special
|files for the filesystems without making them world-readable.  If
|you turn off the setuid bit on df it should fail;  if it doesn't
|you've got a security problem.  It *should* be setuid root.  There's
|no compelling reason for it not to be, and plenty of reasons why it
|should.

No - "df" does not need to read the device file.  There is a system
call, statfs(), which will return the correct information regarding
the file system, and it does not require any kernel privileges.  That
is what AIX uses to determine the free space, so John is correct in
saying it doesn't need to be setuid "bin".

This isn't the case for all of the various flavours of AIX, but it
is true for v3.  v1 and v2 (I think) do not include statfs().  They
would have to have setuid bits turned on for df (and my PS/2 is setuid
"root", as is expected.)
-- 
John F. Haugh II      |      I've Been Moved     |    MaBellNet: (512) 838-4340
SneakerNet: 809/1D064 |          AGAIN !         |      VNET: LCCB386 at AUSVMQ
BangNet: ..!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)