Aucbvax.3101
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Fri Sep 11 21:24:48 1981
Problems with turning off setuid
>From decvax!duke!unc!smb@Berkeley Fri Sep 11 21:12:41 1981
In-real-life: Steven M. Bellovin
Location: University of North Carolina at Chapel Hill

Although I feel that Berkeley's practice is indeed a reasonable
protection scheme, it can cause problems.  For example, I sometimes
create setuid programs that have group-write permission.  To test a
new version, I can just copy the file into it, without having to 'su'
each time.  Assuming that /etc/group is secure (or no less secure than
/etc/passwd, at any rate), there is no security risk.