Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!sri-spam!sri-unix!hplabs!pyramid!amdahl!oliveb!sun!guy
From: guy@sun.uucp (Guy Harris)
Newsgroups: net.unix-wizards
Subject: Re: write clears setuid
Message-ID: <8832@sun.uucp>
Date: Mon, 3-Nov-86 03:17:37 EST
Article-I.D.: sun.8832
Posted: Mon Nov  3 03:17:37 1986
Date-Received: Tue, 4-Nov-86 05:08:06 EST
References: <115@tijc02.UUCP> <735@hropus.UUCP> <1040@ho95e.UUCP> <8616@sun.uucp> <700@copper.UUCP>
Organization: Sun Microsystems, Inc.
Lines: 16

> I think this airbag solves a significant class of potential
> security problems, such as the following: once I was snooping
> around looking for setuid programs (never mind why :-), and I
> discovered that, to my astonishment, /usr/bin/uniq was setuid
> root!

This class of "passive restraint", like the automotive kind, seems to be
intended to protect people who would not otherwise protect themselves.  As
you point out, even with that particular sodium-azide-bag, a would-be system
cracker can do a fair bit of damage with an inappropriately-set-UID program.
The added protection provided by turning off the set-UID bit when writing to
a file is pretty minimal in this case.
-- 
	Guy Harris
	{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
	guy@sun.com (or guy@sun.arpa)