Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site laidbak.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!laidbak!mark
From: mark@laidbak.UUCP (Mark Brukhartz)
Newsgroups: net.micro.att
Subject: Re: S-bit set on UnixPC mv
Message-ID: <110@laidbak.UUCP>
Date: Sun, 28-Jul-85 01:04:07 EDT
Article-I.D.: laidbak.110
Posted: Sun Jul 28 01:04:07 1985
Date-Received: Mon, 29-Jul-85 07:15:59 EDT
References: <1284@cwruecmp.UUCP>
Organization: LAI Chicago
Lines: 18

System V Release 1 /bin/mv *should* be setuid to root. This is not
a security breach; it allows mortal users to rename directories.

On System V Release 2, /bin/mv invokes /usr/lib/mv_dir for directory
operations; only the latter is setuid to root.

Both of these setuid-root commands make the usual "can this user
really do this" checks on their arguments. I know of no security
bugs in "mv". Unfortunately, while a setuid command may have no
obvious bugs, it is not always safe to say that it obviously has
no bugs (...interesting how language works).

Besides, an unethical system vendor might just as well put a trojan
horse into the kernel or compiler. It could be well-hidden (at least
if source was unavailable) and quite difficult to remove.

					Mark Brukhartz
					..!ihnp4!laidbak!mark