Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ihnp4!homxb!houxm!ho95e!wcs
From: wcs@ho95e.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: Re: UNIX file setuid sucurity hole?
Message-ID: <1351@ho95e.ATT.COM>
Date: Fri, 13-Mar-87 18:09:49 EST
Article-I.D.: ho95e.1351
Posted: Fri Mar 13 18:09:49 1987
Date-Received: Sat, 14-Mar-87 11:30:28 EST
References: <2168@ncoast.UUCP> <695@aw.sei.cmu.edu.sei.cmu.edu>
Reply-To: wcs@ho95e.UUCP (46133-Bill.Stewart,2G218,x0705,)
Distribution: world
Organization: AT&T Bell Labs 46133, Holmdel, NJ
Lines: 21
Xref: utgpu comp.unix.wizards:1370 comp.unix.questions:1360

In article <695@aw.sei.cmu.edu.sei.cmu.edu> pdb@sei.cmu.edu.UUCP (Pat Barron) writes:
>In article <2168@ncoast.UUCP> robertd@ncoast.UUCP (Robert DeMarco) writes:
>>   [  setuid + chown is unsafe ]

>Easy.  Remember, unless you are the super-user, you can't use the chown command
>at all, not even to chown one of your own files.
	On systems derived from V7 (V7, Berkeley 4.*, and maybe V8/V9), only
the superuser can use chown.  On System III, System V, and their derivatives,
everyone can do chown, but chown turns off setuid.  There were a few other
holes that also had to be plugged, but they're "all" fixed.  Chown is a
tremendous convenience in a multi-person project; it makes it much easier to
give files away.

> if you were on a system with disk space accounting, if just anyone could
> chown stuff, you could subvert the accounting system.
	This is still possible, but many accounting systems either don't charge
for disk space, or charge for total blocks under $HOME.  It's not usually a big
problem, and if it becomes one, it's not hard to give each user a report of
"files you own that aren't under your $HOME".
-- 
# Bill Stewart, AT&T Bell Labs 2G-202, Holmdel NJ 1-201-949-0705 ihnp4!ho95c!wcs