Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!necntc!ames!ptsfa!ihnp4!cbosgd!mtune!quincy!lenny
From: lenny@quincy.UUCP (Lenny Tropiano)
Newsgroups: comp.sys.att
Subject: Security... some mis-infomation
Message-ID: <61@quincy.UUCP>
Date: Tue, 6-Oct-87 21:15:54 EDT
Article-I.D.: quincy.61
Posted: Tue Oct 6 21:15:54 1987
Date-Received: Sat, 10-Oct-87 10:06:03 EDT
Organization: American LP Systems, Inc., Islandia, NY
Lines: 36
Keywords: security, unix-pc

I think I may have given some misinformation... here's a reply to keep you
all informed:

|From: talcott.harvard.edu!panda!jpn (John P. Nelson)
|Subject: Re: Security Problems (another episode)
|Newsgroups: comp.sys.att,comp.unix.wizards,att.sys.unixpc
|In-Reply-To: <58@quincy.UUCP>
|Organization: GenRad, Inc., Concord, Mass.

|>Here are some more things that irk me on the UNIX PC?  Somebody went
|>s-bit crazy!
|>
|>/bin/mv     - why this I do not know, it should be linked
|>              with /bin/cp, /bin/ln (they compare [cmp] to
|>              be the same although /bin/mv is unlinked and
|>              s-bit'd as root?
|>              (Link it with: ln /bin/cp /bin/mv)
|
|There is a good reason why "mv" should be set-uid root.  Since System V
|does not provide a "rename" system call, moves are generally performed
|with "link", "unlink" pairs.  This does not need root privilege, unless
|you want to be able to move DIRECTORIES:  Only "root" is allowed to link
|or unlink to a directory.
|
|No doubt, since cp and ln did not need root privilege, the implementers
|decided to make a separate copy of the program for "mv", and make THAT
|set-uid.

|The REAL solution is for AT&T to add the "rename" system call.

--
Lenny Tropiano                   ...seismo!uunet!swlabs!godfre!quincy!lenny -or-
American LP Systems, Inc.        ...cmcl2!phri!gor!helm!quincy!lenny        -or-
1777-18 Veterans Memorial Hwy.   ...mtune!quincy!lenny                      -or
Islandia, New York 11722         +1 516-582-5525 ...ihnp4!icus!quincy!lenny
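
Added example, not part of the original post or the quoted reply: the link/unlink move the reply describes, next to rename(2), in C. The function names and the /tmp scratch paths are assumptions of this example; on a current Linux system link(2) on a directory is refused even for root, so the directory case fails there regardless of privilege.

```c
/* Added example: moving a name without rename(2), then with it. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Move by making a second name and dropping the first.
 * Returns 0 on success, otherwise the errno of the failing call. */
int move_by_link(const char *from, const char *to)
{
    if (link(from, to) != 0)
        return errno;            /* fails here when 'from' is a directory */
    if (unlink(from) != 0) {
        int saved = errno;
        unlink(to);              /* roll back so no extra name is left behind */
        return saved;
    }
    return 0;
}

/* Create an empty file; returns 0 on success, otherwise errno. */
int make_file(const char *path)
{
    int fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    char base[64], a[96], b[96], d1[96], d2[96];
    /* Constructed scratch paths under /tmp (an assumption of this example). */
    snprintf(base, sizeof base, "/tmp/mvdemo.%ld", (long)getpid());
    snprintf(a, sizeof a, "%s/a", base);    snprintf(b, sizeof b, "%s/b", base);
    snprintf(d1, sizeof d1, "%s/d1", base); snprintf(d2, sizeof d2, "%s/d2", base);
    if (mkdir(base, 0700) || make_file(a) || mkdir(d1, 0700))
        return 1;
    int rc = move_by_link(a, b);
    printf("file via link+unlink: %s\n", rc ? strerror(rc) : "ok");
    rc = move_by_link(d1, d2);
    printf("dir  via link+unlink: %s\n", rc ? strerror(rc) : "ok");
    rc = rename(d1, d2) ? errno : 0;
    printf("dir  via rename(2):   %s\n", rc ? strerror(rc) : "ok");
    unlink(b); rmdir(d2); rmdir(base);
    return 0;
}
```

With rename(2) the directory move needs only write permission on the parent directories, so the mover itself has no reason to carry the set-uid bit.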