Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site alice.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!mhuxn!mhuxr!ulysses!allegra!alice!reeds
From: reeds@alice.UUCP (Jim Reeds)
Newsgroups: net.micro.att
Subject: setuid /bin/mv
Message-ID: <4066@alice.UUCP>
Date: Sun, 28-Jul-85 22:33:34 EDT
Article-I.D.: alice.4066
Posted: Sun Jul 28 22:33:34 1985
Date-Received: Wed, 31-Jul-85 01:15:31 EDT
Organization: Bell Labs, Murray Hill
Lines: 20

About the setuid root version of /bin/mv distributed with the 7300
UNIX PC.  One can indeed become super user by typing the commands

	mv myversion /etc/passwd
	su

Marty Shannon pointed out to me a few minutes ago, however, that
this  problem can be fixed by using chmod to allow only the owner to
have write permission to /etc.  He suggests 

	chmod go-w /etc

On my machine this seems to fix the problem.
This is a pretty shrewd thing to do in any case, even if you are
not worried about illicit super user-hood: you cut down the chance
of accidental trashing of the vital /etc/init, /etc/getty, etc, etc,
without which there would be no joy.


Jim Reeds