Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!rlgvax!vrdxhq!grebyn!paisano!demasi
From: demasi@paisano.UUCP (Michael C. De Masi)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <252@paisano.UUCP>
Date: Thu, 24-Sep-87 13:45:48 EDT
Article-I.D.: paisano.252
Posted: Thu Sep 24 13:45:48 1987
Date-Received: Sat, 26-Sep-87 19:35:18 EDT
References: <313@pvab.UUCP> <1284@mhres.mh.nl> <1986@kitty.UUCP> <147@stb.UUCP> <484@riddle.UUCP>
Organization: AT&T Communications. Fairfax, VA
Lines: 42
Summary: How is this a security hole?
Xref: mnetor comp.unix.questions:4252 comp.bugs.sys5:251

In article <484@riddle.UUCP>, domo@riddle.UUCP (Dominic Dunlop) writes:
...
>
> Incidentally, it occurs to me that the only reason that
>
>	lp < file
>
> gets around the problem is because of a security hole in the UNIX kernel.
> Were access rights checked on every read, rather than just when the file is
> opened, a setuid program would be unable to read a file with restricted
> permissions, even if it had been opened and attached to stdin by a shell
> which was able to read it.
...
> Dominic Dunlop
> domo@riddle.uucp domo@sphinx.co.uk

How can this be considered a security hole?  When redirecting standard
input from a file into a program, setuid-gid or not, one still has to
have the proper permissions to read the file that's being redirected.
That is, if you can't read the file, you can't redirect it as input to
another program, anyway, so what's the problem?  If I'm reading what
you wrote correctly, every utility within UNIX would have to have the
same ownership (effectively) as every file on which it is to work.
You can't mean that, can you?

By the same token, what you say is true, permissions are only checked
at the time a file is opened.  But all that amounts to is that if you
are reading from (or writing to) one of my files, and within the course
of your process I change the permissions on that file in such a way as
to make it inaccessible to you, it will have no effect on your process
(unless you close the file, for some reason, then try to re-open it)
but again, what's the big deal?  If you wish to maintain a file with
restricted access, create it that way.

As I said, perhaps I misunderstand you, if so, please point out my
error (Nothing like a good argument, huh?)

-- 
Michael C. De Masi - AT&T Communications (For whom I work and not speak)
3702 Pender Drive, Fairfax, Virginia 22030   Phone: 703-246-9555
UUCP:   seismo!decuac!grebyn!paisano!demasi
"There are monkey boys on the premises."  Unknown red Lectroid.
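
The open-time permission check discussed in this article, as an added example that is not part of the original post: a descriptor that is already open keeps working after the file's mode is changed, while a fresh open() of the same path is refused. The scratch path and the names run_demo and demo_result are assumptions made for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of the experiment (hypothetical names, not from the post). */
struct demo_result {
    ssize_t read_after_chmod; /* bytes read through the already-open fd */
    int reopen_errno;         /* errno of the second open(), 0 if it succeeded */
};

/* Returns 0 when the experiment ran, -1 if the setup itself failed. */
int run_demo(struct demo_result *out)
{
    char path[64], buf[64];
    const char msg[] = "restricted contents\n";   /* constructed sample data */

    /* O_EXCL refuses an existing name, so a planted file or symlink is not used. */
    snprintf(path, sizeof path, "/tmp/open_check_%ld", (long)getpid());
    int wfd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (wfd < 0) return -1;
    ssize_t n = write(wfd, msg, sizeof msg - 1);
    close(wfd);

    int fd = open(path, O_RDONLY);                /* access is checked here */
    if (n != (ssize_t)(sizeof msg - 1) || fd < 0 || chmod(path, 0) != 0) {
        if (fd >= 0) close(fd);
        unlink(path);
        return -1;
    }
    /* Mode is now 000. read() on the old descriptor is not re-checked. */
    out->read_after_chmod = read(fd, buf, sizeof buf);

    int fd2 = open(path, O_RDONLY);               /* a new open is checked again */
    out->reopen_errno = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0) close(fd2);
    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    struct demo_result r;
    if (run_demo(&r) != 0) { perror("setup"); return 1; }
    printf("read after chmod 000: %zd bytes\n", r.read_after_chmod);
    printf("re-open: %s\n", r.reopen_errno ? strerror(r.reopen_errno)
                                           : "succeeded (superuser bypasses mode bits)");
    return 0;
}
```

The same rule covers `lp < file`: the shell's open() is the only point where the caller's read permission is tested, and the descriptor handed to the program as stdin carries that access with it.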