Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84 (Fortune 01.1b1); site graffiti.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!qantel!lll-crg!seismo!ut-sally!ut-ngp!shell!graffiti!peter
From: peter@graffiti.UUCP (Peter da Silva)
Newsgroups: net.unix
Subject: Re: Automatic root login
Message-ID: <476@graffiti.UUCP>
Date: Tue, 26-Nov-85 20:43:42 EST
Article-I.D.: graffiti.476
Posted: Tue Nov 26 20:43:42 1985
Date-Received: Fri, 29-Nov-85 21:50:33 EST
References: <306@spock.UUCP> <4513@mordor.UUCP>
Organization: The Power Elite, Houston, TX
Lines: 16

> Also, since correct setuid programs are difficult to write, you must
> now worry not only about setuid-root programs but also setuid-priv
> programs (where "priv" is any user in the privileged class).  A
> buggy setuid-priv program might be exploited to obtain a setuid-priv
> shell which could then be used to obtain root.

This is not the case. When you run a setuid program while you are setuid-ed
to someone else, it thinks you have your original uid, not whomever you have
setuid to. To demostrate this, try to perform an rmdir on someone's empty
directory while you are setuid to them. This is either a bug or a feature
depending on your perspective.
-- 
Name: Peter da Silva
Graphic: `-_-'
UUCP: ...!shell!{graffiti,baylor}!peter
IAEF: ...!kitty!baylor!peter