Path: utzoo!mnetor!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole
Message-ID: <525@vsi.UUCP>
Date: 13 Apr 88 00:49:44 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <478@minya.UUCP> <7521@ncoast.UUCP> <7659@brl-smoke.ARPA>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 13
Summary: write does not clear set-?ID on SVR2

In article <7659@brl-smoke.ARPA>, gwyn@brl-smoke.ARPA (Doug Gwyn ) writes:
> The "alternative" has to be used, since writing a file normally
> clears the set-?ID bits, at least on reasonable implementations
> of UNIX.  (The exception is when UID 0 does this, but "news"
> should not be UID 0.)

SVR2 and SVR3 on the 3B2 don't clear set-?ID bits on write, and
I've not heard of any straight Sys V ports that do this.  No comment
on the "reasonable" tag, but I think that clear-set?id-on-write
is not as widespread as the above paragraph might indicate.  Too bad.
-- 
Steve Friedl   V-Systems, Inc.   "Yes, I'm jeff@unh's brother"
friedl@vsi.com  {backbones}!vsi.com!friedl  attmail!vsi!friedl