Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site alice.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!alice!reeds
From: reeds@alice.UUCP (Jim Reeds)
Newsgroups: net.micro.att
Subject: Re: S-bit set on UnixPC mv
Message-ID: <4063@alice.UUCP>
Date: Sun, 28-Jul-85 20:07:05 EDT
Article-I.D.: alice.4063
Posted: Sun Jul 28 20:07:05 1985
Date-Received: Wed, 31-Jul-85 04:05:14 EDT
References: <1284@cwruecmp.UUCP>, <219@brl-tgr.ARPA>
Organization: Bell Labs, Murray Hill
Lines: 15


 >> A friend of mine noticed this, but the way at&t ships the Unix Pc software,
 >> the set uid bit on /bin/mv is set, and it is owned by root.  He seems to
 ...
 >> With this, all a user need do is copy the passwd file to their own directory
 >> edit, and remove the passwd field, and then mv it back and then su to root.
 ...
 >> To remove this "feature" just chmod -s /bin/mv and it will be taken care of.
 >
 >Foo!  If this is the version of "mv" that I suspect it is (pre-mvdir),
 >the above scenario is entirely wrong.  "mv" is set-UID so that it can
 >move directories (done by relinking, which requires root privilege).
 >Just because a program is set-UID root does not mean that it is stupid.

Ah, I just tried it and it works.  Very cute!