Xref: utzoo comp.unix.wizards:7182 comp.bugs.sys5:383
Path: utzoo!mnetor!uunet!husc6!bbn!rochester!PT.CS.CMU.EDU!sei!sei.cmu.edu!pdb
From: pdb@sei.cmu.edu (Patrick Barron)
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: Re: Guide to writing secure setuid programs?
Message-ID: <4659@aw.sei.cmu.edu>
Date: 18 Mar 88 17:32:51 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP> <239@piring.cwi.nl> <127@heart-of-gold>
Sender: netnews@sei.cmu.edu
Reply-To: pdb@sei.cmu.edu (Pat Barron)
Organization: Carnegie-Mellon University, SEI, Pgh, Pa
Lines: 19

In article <127@heart-of-gold> jc@heart-of-gold (John M Chambers x7780 1E342) writes:
>Lest people think I am being facetious, I'd like to point out that there
>is an important point at work here. When writing a program, I don't know
>whether it will be setuid. So how can I follow the above advice? (Obviously,
>by not writing any programs! :-) When I write a line of code, how do I
>determine whether it is in a setuid program?

On the contrary, normally when one writes a program that is going to have
the set-uid bit set, one knows that for a fact before starting. Taking
random programs that you know little or nothing about, and making them
set-uid, is an exceptionally bad idea.

>Can anyone show me the source for setuid()? I suspect that you can't,

No, I can't show you the source for setuid(), but only because my Ultrix
license agreement prohibits it.... :-)

Seriously, there really is a setuid() system call. It doesn't do what you
want, though.

--Pat.