Path: utzoo!mnetor!uunet!husc6!think!ames!pacbell!att-ih!ihnp4!ihlpf!nevin1
From: nevin1@ihlpf.ATT.COM (00704a-Liber)
Newsgroups: comp.unix.wizards
Subject: Re: Guide to writing secure setuid programs?
Message-ID: <4009@ihlpf.ATT.COM>
Date: 16 Mar 88 00:07:47 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP> <700@virginia.acc.virginia.edu>
Reply-To: nevin1@ihlpf.UUCP (00704a-Liber,N.J.)
Organization: AT&T Bell Laboratories - Naperville, Illinois
Lines: 28

In article <700@virginia.acc.virginia.edu> scl@virginia.acc.Virginia.EDU (Steve Losen) writes:
>I have no guide for writing setuid programs, but here are a few
>ideas that come to mind:
>
>[All sorts of good setuid precautions]

Most of the programs that non-SA's write that use setuid could just as
easily use setgid with a unique gid for all the files that need to be
affected.

For example: I recently wrote a utility that needed to log users'
requests. I created a group (let's call it SGROUP) different from my
default group, did a 'chgrp SGROUP utility', 'chmod 2711 utility' (setgid
bit), 'chgrp SGROUP directory', 'chmod 770 directory', 'chgrp SGROUP
logfile', and 'chmod 660 logfile' (you do need to create the logfile
yourself; otherwise, you won't own it).

This, along with the other precautions mentioned in the previous article,
should be sufficient for many programs which require access to files which
are not owned.

One more thing: NEVER HAVE THE SETUID (SETGID) BIT SET ON A FILE WHICH THE
WORLD HAS WRITE PRIVILEGES ON!!! On many systems writing to a file does not
turn off the setuid/setgid bit; if you let the world write to this file,
you are just waiting for a disaster to happen!!

Hope this helps,
-- 
 _ __                  NEVIN J. LIBER  ..!ihnp4!ihlpf!nevin1  (312) 510-6194
' )  )                 "The secret compartment of my ring I fill
 /  / _ , __o  ____     with an Underdog super-energy pill."
/  (_
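The chgrp/chmod sequence from the post, followed by the audit its closing warning calls for, as an added POSIX shell example (not code from the post or its author). It assumes the caller's primary group (`id -gn`) as a stand-in for SGROUP, because creating a real dedicated group needs root, and it assumes the files already exist, as the post says they must. The audit relies only on POSIX `find -perm`, so it runs unchanged on systems that, like the ones the post mentions, leave the setuid/setgid bit in place after a write; Linux clears those bits when an unprivileged process writes the file, but the check is still the right thing to run before deploying.

```shell
#!/bin/sh
# Added example, not from the original post.
# setgid_setup GROUP UTILITY DIR LOGFILE
#   Applies the post's recipe: the utility runs with GROUP's gid, and only
#   the owner and GROUP can reach the directory and the logfile.
setgid_setup() {
    group=$1 util=$2 dir=$3 log=$4
    chgrp "$group" "$util" "$dir" "$log" || return 1
    chmod 2711 "$util" || return 1   # setgid; others may execute but not read
    chmod 770  "$dir"  || return 1   # only owner and GROUP may enter
    chmod 660  "$log"  || return 1   # only owner and GROUP may read/write
}

# unsafe_suid_files DIR
#   Lists regular files under DIR that carry setuid or setgid AND are
#   world-writable (the combination the post says never to allow).
#   Returns 1 if any were found, 0 if the tree is clean.
unsafe_suid_files() {
    found=$(find "$1" -type f \( -perm -4000 -o -perm -2000 \) -perm -0002 -print)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Stand-alone demonstration on constructed files in a scratch directory.
demo_setgid_recipe() {
    scratch=$(mktemp -d) || return 1
    touch "$scratch/utility" "$scratch/logfile"
    mkdir "$scratch/logdir"
    # SGROUP stand-in: the caller's primary group (assumption; see lead-in).
    setgid_setup "$(id -gn)" "$scratch/utility" "$scratch/logdir" "$scratch/logfile" || return 1
    unsafe_suid_files "$scratch" || return 1        # recipe as posted: clean
    chmod o+w "$scratch/utility"                    # the mistake the post warns about
    if unsafe_suid_files "$scratch" >/dev/null; then
        return 1                                    # audit must flag it
    fi
    rm -rf "$scratch"
    return 0
}
```

Run `demo_setgid_recipe` to see the recipe applied and the audit catch a world-writable setgid binary; in real use, point `unsafe_suid_files` at the directory tree where the utility and its data live.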