Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!rutgers!sunybcs!boulder!hao!oddjob!gargoyle!ihnp4!ihlpe!daryl
From: daryl@ihlpe.ATT.COM (Daryl Monge)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <2044@ihlpe.ATT.COM>
Date: Sun, 13-Sep-87 20:22:54 EDT
Article-I.D.: ihlpe.2044
Posted: Sun Sep 13 20:22:54 1987
Date-Received: Tue, 15-Sep-87 03:04:11 EDT
References: <313@pvab.UUCP> <1284@mhres.mh.nl> <1986@kitty.UUCP> <147@stb.UUCP>
Organization: Engineering Design Process Department, AT&T Bell Labs
Lines: 17
Summary: better, but not there yet.
Xref: mnetor comp.unix.questions:4055 comp.bugs.sys5:218

In article <147@stb.UUCP>, michael@stb.UUCP (Michael) writes:
> If you are having problems with a setuid program not being able to access files,
> there is an old and working workaround: The set-G-id bit.

I like this one, but it is not there yet. For example, I may have a test
bed of source code or a data base that is owned by some project id and
is set group read/world no access. My setGid application (lp or whatever)
still cannot access the file since I am normally using my group permissions
to access the file.

My requirement on anyone offering a solution to this problem is that
file access should follow normal UNIX file security semantics regardless
of the set[UG]id-ness of the application.

Daryl Monge                     UUCP:   ...!ihnp4!ihcae!daryl
AT&T                            CIS:    72717,65
Bell Labs, Naperville, Ill      AT&T    312-979-3603
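
One way to meet the requirement stated in the post above, as an added example that is not part of the original post: a set[UG]id program switches its effective ids to the invoker's real ids around the open(), so the kernel applies the ordinary permission check for that user. The helper name open_as_invoker is hypothetical, and a POSIX system with seteuid()/setegid() and saved set-ids is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from the post): open `path` read-only with the
 * invoking user's real uid/gid in effect. Returns an fd, or -1 with errno
 * set. The privileged effective ids are put back before returning. */
int open_as_invoker(const char *path)
{
    uid_t euid = geteuid();
    gid_t egid = getegid();
    int fd, saved_errno;

    /* Drop the group first: once the effective uid is unprivileged the
     * process may no longer be allowed to change its gid. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        (void)setegid(egid);
        errno = saved_errno;
        return -1;
    }

    /* The access decision is now made against the invoker's identity. */
    fd = open(path, O_RDONLY | O_NOCTTY);
    saved_errno = errno;

    /* Restore uid first, then gid; the saved set-ids permit this. */
    if (seteuid(euid) != 0 || setegid(egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_invoker(argc > 1 ? argv[1] : "/dev/null");
    printf("open as uid %ld: %s\n", (long)getuid(), fd >= 0 ? "ok" : "denied");
    return fd >= 0 ? 0 : 1;
}
```

Opening the file inside the dropped-privilege window, rather than calling access() and then open(), avoids a gap between the check and the use.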