Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site astrovax.UUCP
Path: utzoo!linus!security!genrad!grkermit!masscomp!clyde!akgua!astrovax!wls
From: wls@astrovax.UUCP (William L. Sebok)
Newsgroups: net.unix-wizards
Subject: Re: Access rights for suid programs.
Message-ID: <200@astrovax.UUCP>
Date: Mon, 19-Dec-83 19:26:23 EST
Article-I.D.: astrovax.200
Posted: Mon Dec 19 19:26:23 1983
Date-Received: Wed, 21-Dec-83 01:43:58 EST
References: <716@qubix.UUCP>
Organization: Princeton Univ. Astrophysics
Lines: 25


> All these problems come down to not having the correct 1 of 
> 2 sets of access permissions at a given time.  There seems to be
> a very simple solution.  Give suid programs the access permissions
> of both the real and effective id's AT THE SAME TIME.
> 
> This seems so blindingly obvious that there must be some fatal flaw
> in the idea since I've never seen it mentioned before.

I would like to second this idea.  I've thought of the idea myself and have
thought of bringing it up some time (i.e. throwing myself before the
wolf-pack).  Logically it makes sense:  the person running the program has
given his permission to access his files by the fact that he is running the
program, and the person who owns the program and set the suid on it has given
the program permission to access her files by the fact that she set the suid
bit on the program (how's that for gender balance?).

  In effect the program has both permissions anyway, only not at the same time.
I see no security hole that isn't there already in having these permissions
available at the same time.  Then programs wouldn't have to go through the
contortions that they do when they have to manipulate both sets of files, the
program's and the user's.
-- 
Bill Sebok			Princeton University, Astrophysics
{allegra,akgua,burl,cbosgd,decvax,ihnp4,kpno,princeton,vax135}!astrovax!wls