Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site mgweed.UUCP
Path: utzoo!linus!decvax!harpo!floyd!clyde!ihnp4!we13!mgweed!rjk
From: rjk@mgweed.UUCP (Randy King)
Newsgroups: net.unix-wizards
Subject: Pwd Security Concern
Message-ID: <3930@mgweed.UUCP>
Date: Tue, 4-Oct-83 16:10:42 EDT
Article-I.D.: mgweed.3930
Posted: Tue Oct  4 16:10:42 1983
Date-Received: Fri, 7-Oct-83 01:11:19 EDT
Organization: Western Electric - Montgomery Illinois
Lines: 13

I have a few applications that will be running setuid or setgid
owned by user "foo" and group "bar", respectively.  On occasion,
these programs need to execute "pwd" in the current directory
owned by "xyz" where neither user "foo" nor group "bar" has any
permissions nor permissions in the parent.

As is, pwd will error with:  pwd: cannot stat .!  (obviously).
After looking at the code, there appears to be no loopholes, so I
am proposing to setuid root on /bin/pwd.  I don't see any security
problem with doing that.  Any thoughts or comments on that proposal?

						Randy King
						ihnp4!mgweed!rjk