Aucbvax.2979
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Tue Sep  8 02:30:15 1981

>From ihnss!mhtsa!harpo!chico!esquire!nrh@Berkeley Tue Sep  8 00:57:27 1981
	Subject: Unix security and mail directory
	Newsgroups: fa.unix-wizards
	>From Lepreau@UTAH-20 Sat Sep  5 06:28:45 1981
	Berkeley vmunix has solved some of the security problems inherent in the
	setuid mechanism by one simple kernel mod: whenever a file is modified
	or chown'ed, the setuid/gid bits go away.  This takes care of the
	problem James mentioned, for example.
			Jay
	-------

And here I thought that there were HACKS coming out of Berkely!!!
The more side effects people build in to UNIX, the less clear the 
wonderful system interface will become. 

Turning off setuid bits on a file when chown() is called on it makes sense,
because no amount of care on the part of one user could prevent his files
from being compromised without this feature.

Turning off setuid bits when a file is modified is an attempt to protect
the programmer from a mistake in his programs.  While it may be convenient,
(is it really?) it seems a little misplaced.  Why not a library routine
to do this?

One final bit of sour grapes:  if something doesn't BELONG in the kernal,
it doesn't matter HOW simple it is to put that thing in the kernal.