Path: utzoo!yunexus!geac!daveb
From: daveb@geac.UUCP (David Collier-Brown)
Newsgroups: comp.lang.c
Subject: Re: system (and mkdir)
Summary: Security risk became a functionality bug.
Keywords: security setuid mkdir mv rename
Message-ID: <2185@geac.UUCP>
Date: 30 Jan 88 16:21:52 GMT
Article-I.D.: geac.2185
Posted: Sat Jan 30 11:21:52 1988
References: <127@dcrbg1.UUCP> <9472@ccicpg.UUCP> <2771@cbdkc1.ATT.COM> <224@intelisc.UUCP> <1017@uokmax.UUCP> <1185@ark.cs.vu.nl>
Reply-To: daveb@geac.UUCP (David Collier-Brown)
Organization: The Geac Historical Department.
Lines: 20

In article <1185@ark.cs.vu.nl> maart@cs.vu.nl (Maarten Litmaath) writes:
|In article <1017@uokmax.UUCP> rmtodd@uokmax.UUCP () writes:
||My understanding is that mkdir() was made into a system call in BSD (probably
||because they had just changed the directory format).
|
|The 'old' mkdir program has a serious security bug (to become su).
  The "new, secure" rename system call, on the other hand, has a serious
functionality bug: it panics, dumps core and cross-links two
directories in Utrix 2.x if one tries to move a directory to a
mis-specified location.
  Setuid was **invented** to deal with the security/functionality
tradeoff in a workable way.  To claim that it is more than a
security **risk** is to mistakenly trivialize the problems T & R faced.

 --dave (do you want software written by grad students, or salesmen?) c-b
-- 
 David Collier-Brown.                 {mnetor yunexus utgpu}!geac!daveb
 Geac Computers International Inc.,   |  Computer Science loses its
 350 Steelcase Road,Markham, Ontario, |  memory (if not its mind) 
 CANADA, L3R 1B3 (416) 475-0525 x3279 |  every 6 months.