Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!rutgers!brl-adm!brl-smoke!smoke!bzs@bu-cs.arpa
From: bzs@bu-cs.arpa (Barry Shein)
Newsgroups: net.unix-wizards
Subject: Interesting bug...
Message-ID: <4922@brl-smoke.ARPA>
Date: Sun, 26-Oct-86 21:28:48 EST
Article-I.D.: brl-smok.4922
Posted: Sun Oct 26 21:28:48 1986
Date-Received: Mon, 27-Oct-86 05:29:14 EST
Sender: news@brl-smoke.ARPA
Lines: 31


This one has never bit me before, perhaps it's been beaten to death
(this all applies under both 4.2 and SYS/V I believe.)

Your news software (for example) is all nicely set up so everything
is setuid'd to pseudo-user news (eg. inews.)

A user, trying to be a good citizen, puts a file size limit of, oh,
2M into his/her/its .login/.profile.

An attempt to post news fails with a Filesize Limit Exceeded because
of the inherited file size limit.

I haven't tried to trace this down so perhaps it's something else, but
that's the basic symptoms and my (outside) diagnosis. Makes sense to
me, but seems like a real design problem, no? Surely if this is the
case a) it's a bad reason to make all the news [or whatever] software
setuid root and b) it's a bad reason for the user to remove his/her/its
file size limit.

The only fix I can think of off hand is to wrap the news commands in a
setuid root 'shell' which then su to news after fixing the various
limits, but it sure seems to be a lurking nuisance (that is, what else
needs to be fixed like this so as not to bite hard on nice users?)

Just thought you'd appreciate something else to worry about.

	-Barry Shein, Boston University

P.S. The actual problem was exhibited on a SUN Release 3.0 but I
am pretty sure it's generic to all 4.2/SYSV.