Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!sri-unix!hplabs!sdcrdcf!psivax!csun!aeusemrs
From: aeusemrs@csun.UUCP (Mike Stump)
Newsgroups: comp.bugs.sys5
Subject: mvdir, is or is not a bug?
Message-ID: <512@csun.UUCP>
Date: Mon, 19-Jan-87 18:33:41 EST
Article-I.D.: csun.512
Posted: Mon Jan 19 18:33:41 1987
Date-Received: Wed, 21-Jan-87 03:38:53 EST
References: <376@oblio.UUCP> <1987Jan14.123035.20364@sq.uucp> <807@maynard.BSW.COM>
Reply-To: aeusemrs@csun.UUCP (Mike Stump)
Organization: California State University, Northridge
Lines: 56
Keywords: S5 mvdir mv

In article <807@maynard.BSW.COM> campbell@maynard.UUCP (Larry Campbell) writes:
>In article <1987Jan14.123035.20364@sq.uucp> ian@sq.UUCP (Ian F. Darwin) writes:
>>In my humble opinion, the very *existence* of mvdir as separate
>>from the normal mv command is a bug.
>
>I agree completely. [...]
>Against this [System V] must be balanced:
>	1) Above-mentioned bug (yes, bug) in mv
>
>Although I suspect the reasons are political and not technical, I wonder
>if anyone at AT&T (or anyone else who thinks they know the real story)
>could comment on why so much in S5 is missing and/or wrong.

Gee, I thought everyone knew why they FIXED mv in System V. It is a
security loophole, isn't it obvious? (:-)) That is why they ONLY allow
root to run it in SVR2.

Ok, now to get to the meat of the matter: given directories d[0-1]*,
where d0 is the base, and files f[0-1]*, (e.g. d0/d1/f1*, d0/f0*),
d0 is drwxrwx--- user1 grp1, d1 is drwxr-x--- user2 grp1, f1* is
-rw-r----- user2 grp1, in System V R2, I (being user3 grp1) canNOT get
`rid' of f1* because I don't have write in d1, but, if there existed
mvdir in mv, or mvdir in general, then I can mkdir d1new, selectively
`cp d0/d1/* d0/d1new', and now for the tricky part,
`mvdir d0/d1 /tmp/kill_it_for_me', and `mv d0/d1new d0/d1', put the
files I WANT into d1, after all I am now owner of it, I did the `mkdir',
and then restore all the modification and access times in d1, and to cap
it all off, `chown original_owner d0/d1/*', and
`chown original_owner d0/d1'. All nice and tidy like. And nobody would
be the wiser. If I could not `mvdir', the original directory d0/d1 would
have to be left in d0/.d1 or something forever, and eventually somebody
would spot it, and say: `Gee, what is this?'

Oh, one thing, I am not sure if the cron job (or whatever) runs in
`root' but I would hope it would, and thus, it, of course could kill the
mvdir'ed directory and recursively all the files in it for me.

Gee, some people actually don't know that Unix is not very secure. I
know, don't flame me, I am not overly naive, it is the problem with the
person that set up the group write priv on d0 that screwed it all up,
but this is only due to the fact that (properly) managing a Secure Unix
is overly complex. I agree completely (I hope) that Unix (when managed
properly) is very secure.

I know this one little article is going to cause an avalanche of
articles, but I feel I can say nothing to stop them...
-- 
Mike Stump, Cal State Univ, Northridge Comp Sci Department
uucp: {sdcrdcf, ihnp4, hplabs, ttidca, psivax, csustan}!csun!aeusemrs
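
The permission rule behind the scenario in the article above, as an added example that is not part of the original post and not SVR2 code: a small model of the classic mode-bit check for renaming or unlinking an entry inside one directory (the d0/.d1 variant), showing that only the parent's bits are consulted and how a sticky bit on d0 changes the answer. The numeric ids and the names Node, access, can_replace_entry and scenario are hypothetical; ACLs and capabilities are ignored, and the sticky-bit branch assumes a system that implements restricted deletion on directories.

```python
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result: owner uid, group gid, mode bits.
Node = namedtuple("Node", "uid gid mode")

def access(user, groups, node, want):
    """Classic owner/group/other check; `want` is a mask of 4 (r), 2 (w), 1 (x)."""
    if user == 0:
        return True                      # root bypasses mode bits
    if user == node.uid:
        bits = node.mode >> 6            # owner class only
    elif node.gid in groups:
        bits = node.mode >> 3            # group class only
    else:
        bits = node.mode                 # other class
    return (bits & 7 & want) == want

def can_replace_entry(user, groups, parent, entry):
    """May `user` rename or unlink `entry` inside `parent` (same-directory rename)?"""
    if not access(user, groups, parent, 2 | 1):   # need write + search on the parent
        return False
    if parent.mode & stat.S_ISVTX:                # sticky bit: restricted deletion
        return user in (0, parent.uid, entry.uid)
    return True                                   # the entry's own mode is never consulted

def scenario(sticky=False):
    # Constructed ids for the post's names: user1=1001, user2=1002, user3=1003, grp1=100.
    d0 = Node(1001, 100, 0o770 | (stat.S_ISVTX if sticky else 0))   # drwxrwx--- user1 grp1
    d1 = Node(1002, 100, 0o750)                                     # drwxr-x--- user2 grp1
    user3, groups = 1003, {100}
    return {
        "write_in_d1": access(user3, groups, d1, 2 | 1),
        "replace_d1_in_d0": can_replace_entry(user3, groups, d0, d1),
    }

if __name__ == "__main__":
    print("as posted :", scenario())
    print("d0 sticky :", scenario(sticky=True))
```

To check a real tree, build the Node records from os.lstat() (st_uid, st_gid, st_mode) for each directory and its entries.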