Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!cuae2!ltuxa!ttrdc!levy From: levy@ttrdc.UUCP (Daniel R. Levy) Newsgroups: net.unix-wizards Subject: Re: Which commands (in /bin & /usr/bin) must have set user ID (for root) Message-ID: <1269@ttrdc.UUCP> Date: Thu, 23-Oct-86 00:18:50 EDT Article-I.D.: ttrdc.1269 Posted: Thu Oct 23 00:18:50 1986 Date-Received: Fri, 24-Oct-86 08:40:44 EDT References: <115@tijc02.UUCP> <735@hropus.UUCP> <1040@ho95e.UUCP> Organization: AT&T, Computer Systems Division, Skokie, IL Lines: 24 In article <1040@ho95e.UUCP>, wcs@ho95e.UUCP (#Bill.Stewart) writes: >What surprised me about the list Jim replied with was that most of the commands >were -rws......! Why should a setuid command *ever* be writeable? - it's just >*inviting* attempts to find a bug and convince the command to write over itself. Waitaminnit... at least on SysV, it is not possible to overwrite, or remove the last link to, any executable file which is currently being run (this doesn't count shell scripts). I do not know whether BSD has the same restriction. Could someone suggest a reason for this (other than security)... is this to accommodate versions of the UNIX OS which can page or swap text out of the filesystem? What about UNIX systems which don't swap or page out of the filesystem? But I digress. A setuid command being writeable makes it easier for the system admin to install a new version, I suppose, though it seems almost as easy for makefiles to put in an explicit rm -f or chmod when needed. ># Bill Stewart, AT&T Bell Labs 2G-202, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs -- ------------------------------- Disclaimer: The views contained herein are | dan levy | yvel nad | my own and are not at all those of my em- | an engihacker @ | ployer or the administrator of any computer | at&t computer systems division | upon which I may hack. | skokie, illinois | -------------------------------- Path: ..!{akgua,homxb,ihnp4,ltuxa,mvuxa, go for it! allegra,ulysses,vax135}!ttrdc!levy