Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ihnp4!homxb!houxm!mtuxo!mtgzy!ecl
From: ecl@mtgzy.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: Re: UNIX file setuid sucurity hole?
Message-ID: <2447@mtgzy.UUCP>
Date: Fri, 13-Mar-87 10:32:17 EST
Article-I.D.: mtgzy.2447
Posted: Fri Mar 13 10:32:17 1987
Date-Received: Sat, 14-Mar-87 09:38:44 EST
References: <2168@ncoast.UUCP> <1772@hi.uucp>
Organization: AT&T, Middletown NJ
Lines: 19
Xref: utgpu comp.unix.wizards:1362 comp.unix.questions:1354
Summary: not a hole

In article <2168@ncoast.uucp>, robertd@ncoast.uucp (Robert DeMarco) writes:
> I mean, couldn't someone who knows C alot write a program that is equivlent to
> "cat" that would display another users secret file.  Then simply chmod the
> file to set to the owners ID apon execution?  Then chown it to the owner.
> Then execute the command.  Your uid will be set to the owner , who owns the
> file you wish to see.

Then, article <1772@hi.uucp>, josh@hi.uucp (Josh Siegel) writes:
> I cannot be sure but don't you have to be root to use chown?
> If not, then yes... chown is a security hole.  What operating
>  system are you using that allows this?

Any operating system I have used (currently it's SVR2) unsets the setuid bits
of a file when its ownership is changed.

					Evelyn C. Leeper
					(201) 957-2070
				UUCP:	ihnp4!mtgzy!ecl
				ARPA:	mtgzy!ecl@rutgers.rutgers.edu