Xref: utzoo comp.unix.wizards:7235 comp.bugs.sys5:395
Path: utzoo!mnetor!uunet!husc6!mit-eddie!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards,comp.bugs.sys5
Subject: Re: Guide to writing secure setuid programs?
Message-ID: <488@minya.UUCP>
Date: 21 Mar 88 02:33:04 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <1037@woton.UUCP> <3738@bloom-beacon.MIT.EDU>
Organization: home
Lines: 15
Summary: append.c

> A much better approach would be to have a pseudo-user for for whatever
> facility you were creating, and a _short_, _auditable_ setuid program,
> without shell escapes and other similar nonsense, to deposit things in
> the spool directory.  

A program that does exactly this was posted to one of the sources group
a couple of years back, under the name "append.c".  Perhaps it's time
to post it again.  Or is it archived in one or the source newsgroups?

It was also a Unix implementation of a Multics security feature.  It's
also a good counter-example to the frequent claims that all setuid programs
are Bad Things.

-- 
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)