Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site ttrdc.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!mgnetp!ltuxa!ttrdc!levy From: levy@ttrdc.UUCP (Daniel R. Levy) Newsgroups: net.unix Subject: Re: Automatic root login Message-ID: <613@ttrdc.UUCP> Date: Mon, 2-Dec-85 21:28:37 EST Article-I.D.: ttrdc.613 Posted: Mon Dec 2 21:28:37 1985 Date-Received: Thu, 5-Dec-85 04:21:33 EST References: <306@spock.UUCP> <4513@mordor.UUCP> <476@graffiti.UUCP> Organization: AT&T, Computer Systems Division, Skokie, IL Lines: 25 In article <476@graffiti.UUCP>, peter@graffiti.UUCP (Peter da Silva) writes: >When you run a setuid program while you are setuid-ed >to someone else, it thinks you have your original uid, not whomever you have >setuid to. To demostrate this, try to perform an rmdir on someone's empty >directory while you are setuid to them. This is either a bug or a feature >depending on your perspective. >-- >Name: Peter da Silva I noticed something else funny (peculiar etc.) with respect to this. If I am root and run cu to another system and attempt to do a ~%take from the remote, I am DENIED PERMISSION to divert except to a publicly writeable directory like /tmp !!! (cu is setuid uucp) This is when I log in on the console as root. (This points out a bug in cu anyway; it also would be nicer if upon getting the builtin ~%take sequence, cu would first check whether it is indeed possible to write or create the desired file before telling the remote to send it. I have added this feature to a cu I have running here but that's beside the point anyhow; the point is setuid.) -- ------------------------------- Disclaimer: The views contained herein are | dan levy | yvel nad | my own and are not at all those of my em- | an engihacker @ | ployer or the administrator of any computer | at&t computer systems division | upon which I may hack. | skokie, illinois | -------------------------------- Path: ..!ihnp4!ttrdc!levy