Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!ora!minya!jc From: jc@minya.UUCP (John Chambers) Newsgroups: comp.unix.admin Subject: Re: Running random user programs as ROOT?! Message-ID: <867@minya.UUCP> Date: 25 Jun 91 10:55:28 GMT References: <91161.131540SCHDAVZ@YaleVM.YCC.Yale.Edu> <70@pyuxf.UUCP> <1991Jun21.233414.10848@gpu.utcs.utoronto.ca> Lines: 32 > I hope not. Su sets *real* and effective user ID. The > saved-set-user-ID should be wiped out by the su program when SUing > to the user's account. Otherwise SU is *horribly* broken. OK, so if I wanted to write a version of su that wasn't "horribly broken", how would I do it? I've dug around in TFM on several occasions, trying to make sense of the saved-set-user-ID concept, to little avail. They seem to think that they should keep it a secret from me, because if I'm interested, I am obviously an Evil Hacker who is trying to violate system security. So far, I haven't seen any documented system call to set this third uid that some Unix kernels keep. If there's no (documented) way to set it, how can you accuse a program of being "horribly broken" if it doesn't set it correctly? BTW, this isn't purely hypothetical. I recently added a dumb terminal to this (Sys/VR3) system so that when X shoots itself in the foot and goes zombie on me, I have a back door to do something short of pushing the reset button. But what I can do there is very limited, because when I type "su" it just says "Sorry", without even asking me for a password. TFM hasn't helped at all to explain why su is so recalcitrant. I've done what any hacker would do - written my own version of su. Now I find that, according to the above, it is horribly broken. I'd like to know how to make it less so. How do I do that? If it's described somewhere in TFM (that I am too stupid to find), I'd like to know where, and how I missed it. -- All opinions Copyright (c) 1991 by John Chambers. Inquire for licensing at: Home: 1-617-484-6393 ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc Work: 1-508-486-5475 {sppip7.lkg.dec.com!jc,ub40::jc}