Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!cwruecmp!hal!ncoast!robertd
From: robertd@ncoast.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: UNIX file setuid sucurity hole?
Message-ID: <2168@ncoast.UUCP>
Date: Wed, 11-Mar-87 21:17:42 EST
Article-I.D.: ncoast.2168
Posted: Wed Mar 11 21:17:42 1987
Date-Received: Fri, 13-Mar-87 06:20:52 EST
Reply-To: robertd@ncoast.UUCP (Robert DeMarco)
Distribution: world
Organization: Cleveland Public Access UNIX, Cleveland, OH
Lines: 51
Xref: utgpu comp.unix.wizards:1337 comp.unix.questions:1340

It just occurred to me that, thanks to the chown command and
"setuid to owner when executing this C program", no one's
file is really safe. I mean, couldn't someone who knows C a lot
write a program that is equivalent to "cat" that would display
another user's secret file? Then simply chmod the file to set to
the owner's ID upon execution? Then chown it to the owner. Then
execute the command. Your uid will be set to the owner, who owns
the file you wish to see.

For instance, let's say there is a file called "foo", and John
Smith owns the file. Now let's say that Peter Jones wants to see
the file but can't, because he's not allowed. Now Peter can write
a program called "xyz" that displays John's file. However, Peter
still can't access it.

Now, let's say that Peter sets the permission on his program so
that anyone can access it, and the uid will be set to owner
(Peter). Now Peter then can "chown" the command to John. The file
now belongs to John. Then Peter executes the file. Since the file
permissions say to change ID to owner, Peter's ID will be changed
to John's ID for the duration of the program. Now Peter will BE
ALLOWED to read John's file.

How can you protect against this?

[> Rd
--
[=====================================]
[             Rob DeMarco             ]
[ UUCP:decvax!cwruecmp!ncoast!robertd ]
[                                     ]
[   "bus error - passengers dumped"   ]
[=====================================]
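
The sequence in the post (set the set-user-ID bit, then chown the program to the target user) depends on two kernel behaviours: whether an ordinary user may give a file away, and whether the set-user-ID bit survives a change of owner. The C probe below is an added example, not part of the original post; it reports both for the system it runs on. The function names and the /tmp scratch path are assumptions of this example.

```c
/* Added example (not from the post): probe the two kernel behaviours that
 * decide whether the chmod-then-chown sequence can work on this system. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a private scratch file (constructed test object, unlinked at once). */
static int scratch_fd(void) {
    char path[] = "/tmp/suidprobe.XXXXXX";   /* assumed scratch location */
    int fd = mkstemp(path);
    if (fd >= 0) unlink(path);
    return fd;
}

/* 1 if giving a file away is reserved for privileged processes, 0 if any
 * owner may do it, -1 on error. POSIX: any value other than -1 = restricted. */
int chown_restricted(void) {
    int fd = scratch_fd();
    if (fd < 0) return -1;
    errno = 0;
    long v = fpathconf(fd, _PC_CHOWN_RESTRICTED);
    int err = errno;
    close(fd);
    if (v == -1) return err ? -1 : 0;
    return 1;
}

/* 1 if a chown call strips the set-user-ID bit, 0 if the bit survives,
 * -1 on error. The chown is to our own uid, so no privilege is needed. */
int chown_clears_setuid(void) {
    struct stat st;
    int fd = scratch_fd(), r = -1;
    if (fd < 0) return -1;
    if (fchmod(fd, 04755) == 0 && fstat(fd, &st) == 0 && (st.st_mode & S_ISUID)
        && fchown(fd, geteuid(), (gid_t)-1) == 0 && fstat(fd, &st) == 0)
        r = (st.st_mode & S_ISUID) ? 0 : 1;
    close(fd);
    return r;
}

int main(void) {
    printf("chown restricted to privileged users: %d\n", chown_restricted());
    printf("chown clears set-user-ID bit:         %d\n", chown_clears_setuid());
    return 0;
}
```

If either function returns 1, the give-away step in the post does not leave a set-user-ID program owned by another user; a 0 from both marks a system where the concern applies and setuid files owned by other users deserve an audit.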