Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ucbvax!jade!eris!mwm
From: mwm@eris.UUCP
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: Re: UNIX file setuid sucurity hole?
Message-ID: <2797@jade.BERKELEY.EDU>
Date: Fri, 13-Mar-87 18:56:40 EST
Article-I.D.: jade.2797
Posted: Fri Mar 13 18:56:40 1987
Date-Received: Sat, 14-Mar-87 19:35:59 EST
References: <2168@ncoast.UUCP> <695@aw.sei.cmu.edu.sei.cmu.edu> <2195@ptsfa.UUCP>
Sender: usenet@jade.BERKELEY.EDU
Reply-To: mwm@eris.BERKELEY.EDU (Mike (No one lives forever.) Meyer)
Distribution: world
Organization: Missionaria Phonibalonica
Lines: 28
Xref: utgpu comp.unix.wizards:1382 comp.unix.questions:1367

Sigh. Much disinformation floating around about this. Straight data:

1) On BSD systems, only root can chown files.

2) On AT&T systems, you can give files away if you own them; root can chown files arbitrarily. Even then, the setuid & setgid bits are turned off if it isn't root doing the chown.

The above can be found in the man pages for both systems. Perusing the source reveals:

3) On 4BSD systems, you can give a file to yourself without errors (odd, but probably because the chown system call subsumes the chgrp system call). If you aren't root, chown will turn off the setuid & setgid bits.

Finally, it should be noted that the ability to give away files really mangles disk usage tracking, and creates major security holes elsewhere (due to bogosity in some system utilities).
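
An added example, not part of the original post: a Python probe for checking points 2 and 3 on the system at hand. It sets the setuid and setgid bits on an empty scratch file, chowns the file to its current owner, and reports which bits survived; the function name and the report fields are this example's own.

```python
import os
import stat
import tempfile


def probe_chown_setid():
    """Chown a scratch setuid/setgid file to its current owner and report the mode bits."""
    fd, path = tempfile.mkstemp(prefix="chown-probe-")  # constructed, empty scratch file
    os.close(fd)
    try:
        try:
            os.chmod(path, 0o6755)  # rwxr-xr-x plus setuid and setgid
        except PermissionError:
            # Some systems refuse setgid when the caller is not in the file's group.
            os.chmod(path, 0o4755)
        st = os.stat(path)
        before = stat.S_IMODE(st.st_mode)
        chown_error = None
        try:
            # "Give the file to yourself": owner and group are left unchanged.
            os.chown(path, st.st_uid, st.st_gid)
        except OSError as exc:
            chown_error = exc.strerror
        after = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.unlink(path)
    return {
        "euid": os.geteuid(),
        "before": before,
        "after": after,
        "chown_error": chown_error,
        # True only if the bit was set before the chown and is gone afterwards.
        "setuid_cleared": bool(before & stat.S_ISUID) and not after & stat.S_ISUID,
        "setgid_cleared": bool(before & stat.S_ISGID) and not after & stat.S_ISGID,
    }


if __name__ == "__main__":
    report = probe_chown_setid()
    print("euid           :", report["euid"])
    print("mode before    :", oct(report["before"]))
    print("mode after     :", oct(report["after"]))
    print("chown error    :", report["chown_error"])
    print("setuid cleared :", report["setuid_cleared"])
    print("setgid cleared :", report["setgid_cleared"])
```

Run it once as an ordinary user and once as root to compare the two cases the post distinguishes.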