Aazure.175
fa.unix-wizards
utzoo!decvax!ucbvax!mhtsa!harpo!chico!teklabs!tekmdp!azure!grahamr
Wed Sep 16 11:15:08 1981
details of dmr's solution
Does this table agree with Mr. Ritchie's solution?

				process ids match:
		no file ids	file gid	file uid	both
		-----------	--------	--------	----
setuid file:	no w access	no w access	use u w bit	use u w bit
setgid file:	no w access	use g w bit	no w access	use g w bit
both:		no w access	use g w bit	use u w bit	use u w bit

   The interesting cell in this table occurs where the file is owned by
the user and group who owns the process, yet the group protection bit is
used because the file is setgid and not setuid.  Is this right?  If so, it
makes me suspicious of the correctness of the whole bottom row.  For a
file which is both setuid and setgid, perhaps there should be no w access
except to processes with matching uid AND gid.  If this is right, then
perhaps in case both match, some combination of the u and g bits should
be used instead of the usual owner-first strategy (which I have used here).
The solution expressed in my table solves Mr. Bellovin's problem (at the
cost of making his program setgid as well as setuid).
   I certainly hope that whatever solutions are found to the real vs.
effective questions will simply apply across the board here.
   In my experience it's details like these that make or break a protec-
tion strategy.  So speak up, dmr!  What did you mean?
			-Graham Ross (duke!chico!teklabs!tekmdp!grahamr)