Path: utzoo!mnetor!uunet!mcvax!rivm!ccement
From: ccement@rivm.UUCP (Martien F v Steenbergen)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Message-ID: <725@rivm05.UUCP>
Date: 11 Mar 88 08:29:26 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <478@minya.UUCP>
Organization: RIVM, Bilthoven, The Netherlands
Lines: 59
Summary: No offense, you're right.

In article <478@minya.UUCP>, jc@minya.UUCP (John Chambers) writes:
> In article <722@rivm05.UUCP>, ccement@rivm.UUCP (Martien F v Steenbergen) writes:
> > First of all, by writing a setuid program you automatically open
> > the security hole and you are likely to fall in. You must always
> > be suspicious of any setuid program.
>
> Uh, I'm not sure I believe all this. I mean, I understand why root should
> never include "." or any world-writable directories in its search path.
> Does your unspecified hole amount to anything more than this? If so, you
> aren't saying anything at all about getcwd() or popen(), just about search
> paths.

What I am trying to say is that you must be careful writing
setuid-root (C etc.) programs. So many already fell into the
security hole. You cannot warn them enough. Perhaps there exists a
book which describes a lot of Unix security related topics. I'd love
to have one.

> > Second, when you really need a setuid program you'll have to check a lot
> > of permissions etc. yourself.
>
> This adds to my conviction that someone doesn't know what they're talking
> about. Do you perhaps mean "setuid-root"? If so, you are of course correct.

Of course I mean setuid-root (sorry).

> If you don't understand my point, you don't know enough about Unix security
> to pontificate on the subject.

I do understand your point. You're right, I should be more careful
stating my opinions.

> Also, I'm sure that I'm far from the only one who is getting tired of seeing
> dire warnings like:
>     The 'cc' command contains a MAJOR security hole; you should delete it
>     from your system as fast as possible. I can't tell you what the hole
>     is, because it would allow any hacker to break into any Unix system in
>     the world. Believe me; I know what I'm talking about.
> It's easy enough to make up warnings like these, but many of them turn out
> on investigation to be full of bull; some are in fact fraudulent attempts
> to discredit someone else's useful software.

That's true, but since the Unix market and its users are growing
rapidly, there are a lot of inexperienced `system managers', who will
fall into the security hole. I think any help is welcome for those
persons. If you're tired of reading those warnings, then don't read
them! (You read mine |->)

________________________________________________________________
Martien F. van Steenbergen
National Institute of Public Health and Environmental Protection
dept. RIVM/CCE
PO Box 1
3720 BA Bilthoven
The Netherlands
tel: (31) 30 742819
email: ...!mcvax!rivm!martien
________________________________________________________________