Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site pegasus.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!inuxc!pegasus!hansen
From: hansen@pegasus.UUCP (Tony L. Hansen)
Newsgroups: net.unix-wizards
Subject: what are the implications of shell doing setuid(getuid())?
Message-ID: <2581@pegasus.UUCP>
Date: Fri, 13-Sep-85 12:15:17 EDT
Article-I.D.: pegasus.2581
Posted: Fri Sep 13 12:15:17 1985
Date-Received: Sat, 14-Sep-85 07:10:42 EDT
Organization: AT&T Information Systems, Lincroft NJ
Lines: 9


I was recently asked what the implications would be of having the shell do a
setuid(getuid()) and setgid(getgid()) as soon as it's invoked. The reason is
to try and plug up any security holes caused by set[ug]id programs that
invoke system(3C) or popen(3S). What tools are there that anyone knows of
that would be broken if this change were made, locally, or for real?

					Tony Hansen
					ihnp4!pegasus!hansen