Xref: utzoo comp.unix.admin:1906 alt.security:2598
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!zaphod.mps.ohio-state.edu!wuarchive!udel!princeton!phoenix.Princeton.EDU!subbarao
From: subbarao@phoenix.Princeton.EDU (Kartik Subbarao)
Newsgroups: comp.unix.admin,alt.security
Subject: Re: setuid (was Re: Non Destructive Version of rm)
Message-ID:
Date: 21 May 91 13:59:39 GMT
References: <1991May14.101450.830@convex.com> <9105200808.aa02147@art-sy.detroit.mi.us> <1991May21.121555.5087@convex.com>
Sender: news@idunno.Princeton.EDU
Reply-To: subbarao@phoenix.Princeton.EDU (Kartik Subbarao)
Distribution: na
Organization: American Chemical Society
Lines: 33

In article <1991May21.121555.5087@convex.com> tchrist@convex.COM (Tom Christiansen) writes:
>From the keyboard of chap@art-sy.detroit.mi.us (j chapman flack):
>:The man page mentions that on "some" systems pwd(1) does not run setuid-root
>:and so can't pwd if the parent or an ancestor directory is unreadable.
>:
>:My system is one of those. Is there something intrinsically unsafe about pwd
>:that would create holes if I made it setuid-root?
>
>I can't really think of anything, but this is scant evidence, let alone
>proof, of trustworthiness. Most of us seem to get by fine without a suid
>pwd(1). It fails whenever a normal getwd(3) would fail, but few of us
>consider this critical. So what? The fewer suid programs (and the fewer
>programs root always runs) the less you have to worry about. And I don't
>think implementing getwd(3) via a popen(3) to a suid pwd(1) is a very
>elegant solution.

I agree. What people might be grumbling about is the fact that if you cd
down into subdirectories of a directory that is mode 711, /bin/pwd, since
it only does a straight getcwd(), fails because it can't find where it is
now. But, decent shells such as zsh have pwd as a builtin, so there's no
problem. It would seem that it is the shell's responsibility to do that
kind of stuff.

Also, an ofiles on your shell process should also tell you where you are.

-Kartik

--
internet% ypwhich

subbarao@phoenix.Princeton.EDU -| Internet
kartik@silvertone.Princeton.EDU (NeXT mail)
SUBBARAO@PUCC.BITNET - Bitnet
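
Added example, not part of the original post and not code from any system's pwd: a sketch of the traditional user-space getwd(3)/getcwd() walk, which climbs ".." and reads each parent directory to find the entry matching the child's device and inode. It shows why a mode 711 ancestor makes the lookup fail without privilege. The names classic_walk and name_in_parent, and the stop argument that bounds the climb (a real getwd starts at "." and climbs to the root), are assumptions made for this illustration.

```c
/* Added example; function names are hypothetical, not from the post. */
#define _XOPEN_SOURCE 700              /* lstat, PATH_MAX, NAME_MAX */
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Find the name under which (dev, ino) is linked in `parent`. This needs READ
   permission on `parent`; search (x) alone, as in mode 711, is not enough. */
static int name_in_parent(const char *parent, dev_t dev, ino_t ino, char *name, size_t len)
{
    DIR *d = opendir(parent);          /* EACCES when parent is unreadable */
    struct dirent *e;
    struct stat st;
    char p[PATH_MAX];
    int found = 0;
    if (d == NULL) return -1;
    while (!found && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        snprintf(p, sizeof p, "%s/%s", parent, e->d_name);
        if (lstat(p, &st) == 0 && st.st_dev == dev && st.st_ino == ino) {
            snprintf(name, len, "%s", e->d_name);
            found = 1;
        }
    }
    closedir(d);
    if (!found) errno = ENOENT;
    return found ? 0 : -1;
}

/* Classic walk: climb ".." from `start` until `stop` is reached, writing the
   path of start relative to stop into out. Returns 0, or -1 with errno set. */
int classic_walk(const char *start, const char *stop, char *out, size_t len)
{
    char up[PATH_MAX], name[NAME_MAX + 1], tmp[PATH_MAX];
    struct stat cur, top;
    if (stat(start, &cur) != 0 || stat(stop, &top) != 0) return -1;
    snprintf(up, sizeof up, "%s", start);
    for (out[0] = '\0'; cur.st_dev != top.st_dev || cur.st_ino != top.st_ino; ) {
        if (strlen(up) + 4 > sizeof up) { errno = ENAMETOOLONG; return -1; }
        strcat(up, "/..");
        if (name_in_parent(up, cur.st_dev, cur.st_ino, name, sizeof name) != 0) return -1;
        snprintf(tmp, sizeof tmp, "%s%s%s", name, out[0] ? "/" : "", out);
        snprintf(out, len, "%s", tmp);
        if (stat(up, &cur) != 0) return -1;
    }
    return 0;
}
```

Calling classic_walk("base/a/b", "base", buf, sizeof buf) yields "a/b" while base/a is readable; after chmod 711 on base/a an unprivileged caller gets -1 with errno set to EACCES. A shell builtin avoids this because it remembers the path it was given on cd and never has to read the parent.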