Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!rutgers!seismo!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: net.unix-wizards
Subject: Re: Which commands (in /bin & /usr/bin) must have set user ID (for root)
Message-ID: <4784@brl-smoke.ARPA>
Date: Tue, 21-Oct-86 12:20:48 EDT
Article-I.D.: brl-smok.4784
Posted: Tue Oct 21 12:20:48 1986
Date-Received: Wed, 22-Oct-86 05:31:45 EDT
References: <115@tijc02.UUCP> <735@hropus.UUCP> <1040@ho95e.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 8

In article <1040@ho95e.UUCP> wcs@ho95e.UUCP (Bill Stewart 1-201-949-0705 ihnp4!ho95c!wcs HO 2G202) writes:
>What surprised me about the list Jim replied with was that most of the commands
>were -rws......! Why should a setuid command *ever* be writeable? - it's just
>*inviting* attempts to find a bug and convince the command to write over itself.

The "write" access bit on a file owned by "root" is essentially a no-op,
since the super-user (or a privileged process) could write the file anyway.
It doesn't create any additional security problem that I can see.
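
Added example, not part of the original article or of either poster's code: a small audit that lists the setuid files in the directories from the subject line and reports which classes of user, other than the super-user, the mode bits allow to write each one. The names extra_writers and audit are hypothetical; it looks at mode bits only and assumes any group-write or other-write bit admits some non-root user.

```python
import os
import stat
import sys


def extra_writers(mode, uid):
    """Classes of user, besides the super-user, that the mode bits let write the file."""
    writers = []
    # The owner-write bit only adds a writer when the owner is not uid 0.
    if mode & stat.S_IWUSR and uid != 0:
        writers.append("owner")
    # Assumption: the group has at least one non-root member.
    if mode & stat.S_IWGRP:
        writers.append("group")
    if mode & stat.S_IWOTH:
        writers.append("other")
    return writers


def audit(dirs):
    """Yield (path, mode string, uid, extra writers) for each setuid regular file in dirs."""
    for d in dirs:
        try:
            entries = sorted(os.scandir(d), key=lambda e: e.name)
        except OSError:
            continue  # missing or unreadable directory
        for e in entries:
            try:
                st = e.stat(follow_symlinks=False)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                yield (e.path, stat.filemode(st.st_mode), st.st_uid,
                       extra_writers(st.st_mode, st.st_uid))


if __name__ == "__main__":
    for path, perms, uid, writers in audit(sys.argv[1:] or ["/bin", "/usr/bin"]):
        print(f"{perms} uid={uid:<5} {path}  extra writers: {', '.join(writers) or 'none'}")
```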