Xref: utzoo comp.unix.wizards:7066 comp.bugs.sys5:372
Path: utzoo!mnetor!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: Re: Guide to writing secure setuid programs?
Message-ID: <391@vsi.UUCP>
Date: 14 Mar 88 04:50:55 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP> <8468@eddie.MIT.EDU>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 29
Summary: you missed one, *plus* info on SVR3.2

In article <8468@eddie.MIT.EDU>, jbs@fenchurch.MIT.EDU (Jeff Siegal) writes:
> Setting the directory mode to 777 by itself doesn't let anyone modify
> or read anything. All it allows people to do is:
>
> 1. List the file names in the directory
> 2. Access files in the directory _according_to_their_modes.
> 3. Remove files from the directory.

You missed at least two:

4. Rename files
5. Add new files

What if you see a job ready to print. You know payroll will be
printing checks soon so you make up a file of your own checks. When
you see it in the queue you remove theirs and insert yours.

Another one: your system's laser printer has usage accounting
built into the spooler. You make up your own spooler files and stick
them in the directory directly. The despooler never knows the
difference.

The set-sticky-bit-on-directory fix will be available for SVR3.2
from AT&T soon. If this is done, you can only unlink files if you own
the file or own the directory. This largely fixes the above problems
in the manner of BSD.

--
Steve Friedl, KA8CMY ARPA/CSNet: friedl@vsi.uu.net *Hi Mom*
uucp email : { kentvax, uunet, attmail, ihnp4!amdcad!uport }!vsi!friedl
"Too bad we judge others by their actions and ourselves by our motives"
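Added example, not part of the original post: a Python model of the remove/rename rule discussed above (mode 777 versus the sticky bit), plus a scan for world-writable directories that lack the sticky bit. The spool directory, the file name `payroll.job` and the `other` uid are constructed; the owner/group/other class selection and the superuser bypass are standard Unix behaviour that goes beyond what the post states.

```python
import os
import stat
import tempfile

def can_unlink(dir_st, file_st, uid, gids=()):
    """May `uid` remove or rename an entry, given the directory's and file's stat?"""
    if uid == 0:                       # superuser bypasses the checks
        return True
    mode = dir_st.st_mode
    if uid == dir_st.st_uid:           # pick the permission class that applies
        bits = mode >> 6
    elif dir_st.st_gid in gids:
        bits = mode >> 3
    else:
        bits = mode
    if bits & 0o3 != 0o3:              # need write and search on the directory
        return False
    if not mode & stat.S_ISVTX:        # no sticky bit: file mode and owner are irrelevant
        return True
    return uid in (file_st.st_uid, dir_st.st_uid)   # sticky: file or directory owner only

def risky_dirs(root):
    """Directories under `root` that are world-writable without the sticky bit."""
    found = []
    for path, _dirs, _files in os.walk(root):
        mode = os.lstat(path).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            found.append(path)
    return found

def demo():
    """Constructed spool directory, checked at mode 777 and then at mode 1777."""
    other = os.getuid() + 1000         # hypothetical unrelated, non-root user
    with tempfile.TemporaryDirectory() as top:
        spool = os.path.join(top, "spool")
        os.mkdir(spool)
        job = os.path.join(spool, "payroll.job")
        with open(job, "w") as fh:
            fh.write("constructed print job\n")
        os.chmod(job, 0o600)           # unreadable to others, yet still removable at 777
        results = {}
        for label, mode in (("777", 0o777), ("1777", 0o1777)):
            os.chmod(spool, mode)
            d, f = os.stat(spool), os.stat(job)
            results[label] = (can_unlink(d, f, other), can_unlink(d, f, f.st_uid),
                              risky_dirs(top) == [spool])
        return results

if __name__ == "__main__":
    print(demo())
```

Each result tuple is (unrelated user may unlink, file owner may unlink, directory flagged by the scan).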