Xref: utzoo comp.unix.wizards:6962 comp.bugs.sys5:352
Path: utzoo!mnetor!uunet!husc6!ut-sally!im4u!woton!riddle
From: riddle@woton.UUCP (Prentiss Riddle )
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: Guide to writing secure setuid programs?
Message-ID: <1037@woton.UUCP>
Date: 9 Mar 88 15:53:05 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP>
Followup-To: comp.unix.wizards
Organization: Shriners Burns Institute, Galveston
Lines: 15
Summary: was re: A security hole (from comp.bugs.sys5)
Set-Hoodoo-Id: "Bob"


There's been a recent flurry of discussion in comp.bugs.sys5 about a
few specific security pitfalls to avoid in writing setuid programs.  I
get the feeling that this is just the tip of the iceberg. 

Can anyone point us to a more comprehensive guide to how to write good
setuid programs?  If you've got something on-line, please consider
posting it; if you know of good book or journal references, please mail
them to me and I will summarize. 

And if nothing of this sort exists, perhaps it's time to write one. 
Thanks. 

-- Prentiss Riddle ("Aprendiz de todo, maestro de nada.")
-- Opinions expressed are not necessarily those of my employer.
-- riddle%woton.uucp@im4u.utexas.edu  {ihnp4,uunet}!ut-sally!im4u!woton!riddle