Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!brl-adm!brl-smoke!gwyn
From: gwyn@brl-smoke.ARPA (Doug Gwyn )
Newsgroups: comp.unix.wizards,comp.unix.questions
Subject: Re: UNIX file setuid sucurity hole?
Message-ID: <5686@brl-smoke.ARPA>
Date: Mon, 16-Mar-87 16:58:05 EST
Article-I.D.: brl-smok.5686
Posted: Mon Mar 16 16:58:05 1987
Date-Received: Fri, 20-Mar-87 00:44:55 EST
References: <2168@ncoast.UUCP>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Distribution: world
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 17
Xref: mnetor comp.unix.wizards:1500 comp.unix.questions:1493

In article <2168@ncoast.UUCP> robertd@ncoast.UUCP (Robert DeMarco) writes:
> I mean, couldn't someone who
>knows C a lot write a program that is
>equivalent to "cat" that would display
>another user's secret file. Then simply
>chmod the file to set to the owner's ID
>upon execution?

I assume you're discussing the AT&T (System V) family of UNIX,
since on others you are not able to chown a file without being
super-user.

According to the manual, which you should read, "If chown is
invoked successfully by other than the super-user, it clears
the set-user-ID and set-group-ID bits of the file-mode."

So your trick doesn't work.
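
Added example, not part of the original post: a small C probe that checks on the local system whether a successful chown strips the set-user-ID and set-group-ID bits, as the manual passage quoted above says. The function name and the temporary-file template are assumptions made for this sketch, and the expected result (both bits cleared) is the behaviour Linux documents for chown(2).

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkstemp, fchmod, fchown */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns the set-ID bits (S_ISUID | S_ISGID) still present on a
 * scratch file after chown, 0 if both were cleared, -1 if the probe
 * could not be run. The path template is constructed for this probe. */
int suid_bits_after_chown(void)
{
    char path[] = "/tmp/chown_probe_XXXXXX";
    struct stat st;
    int result = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    /* Make the file executable with both set-ID bits on. */
    if (fchmod(fd, S_ISUID | S_ISGID | 0755) != 0)
        goto out;
    /* Confirm the set-user-ID bit really stuck before testing. */
    if (fstat(fd, &st) != 0 || !(st.st_mode & S_ISUID))
        goto out;
    /* chown to our own IDs needs no privilege. Linux strips the
     * set-ID bits on any successful chown of a regular file. */
    if (fchown(fd, geteuid(), getegid()) != 0)
        goto out;
    if (fstat(fd, &st) == 0)
        result = (int)(st.st_mode & (S_ISUID | S_ISGID));
out:
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    int left = suid_bits_after_chown();

    if (left < 0) {
        fprintf(stderr, "probe could not be run\n");
        return 2;
    }
    printf("set-ID bits left after chown: %04o\n", (unsigned)left);
    return left ? 1 : 0;
}
```

A non-zero result means the set-ID bits survived the chown on that system and filesystem, which is the condition the quoted manual text rules out.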