Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!nrl-cmf!mailrus!tut.cis.ohio-state.edu!ut-sally!utah-cs!utah-gr!uplherc!sp7040!wsccs!terry
From: terry@wsccs.UUCP (terry)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Message-ID: <318@wsccs.UUCP>
Date: 15 Mar 88 02:42:41 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP>
Lines: 30
Summary: Wrongo

In article <722@rivm05.UUCP>, Martien F v Steenbergen writes:
> First of all, by writing a setuid program you automatically open
> the security hole and you are likely to fall in. You must always
> be suspicious of any setuid program.

	Not if you program it correctly.  The point was that the security was
not checked by specification of the execution path, and it should have been,
as getcwd() is a library routine.

> Second, when you really need a setuid program you'll have to check a lot
> of permissions etc. yourself. One system call was created to help you with
> access permissions: access(2). access(2) uses the real user IDs instead
> of the effective user IDs when checking access permissions. (Remember that
> a setuid program only changes the effective user ID of the calling process.)

	The access() call is a kludge.  I could do that anyway with the
following:

	system( "/bin/sh -c <command>");

	Where <command> is the command I want run with the _real_ UID and GID.
Remember that the child inherits the parents effective as it's real, if it's
done this way.  This is helpful for running things which make sure you're
root before they will run.

> ___________________________MSDOSN'T_____________________________

I can't argue with you here... :-)

				Terry Lambert
				terry@wsccs