Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!quintus!ok
From: ok@quintus.UUCP (Richard A. O'Keefe)
Newsgroups: comp.unix.wizards
Subject: Re: access(2) (was: Writing to A NON-Existing File in "C")
Message-ID: <889@cresswell.quintus.UUCP>
Date: 21 Apr 88 06:29:56 GMT
References: <9654@jplgodo.UUCP> <14020030@hpisod2.HP.COM> <50280@sun.uucp>
Organization: Quintus Computer Systems, Mountain View, CA
Lines: 15

In article <50280@sun.uucp>, limes@sun.uucp (Greg Limes) writes:
> So, it is not necessary to actually set the
> setuid and setgid bits on a program for the real and effective uids to
> be different.

This is the key point I had forgotten.

> I would like to pose a modified version of your question back at you:
> Is there any legitimate reason why someone might need to disable
> switchuser-ed access to a program?

Yes, there is. Someone providing a programming system such as a Lisp or
SmallTalk interpreter might want to do this to reduce the chance of their
being held liable for loss or damage due to a security bug. (Ok, this is
a wee bit paranoid, but I am a devout comp.risks reader.)