Path: utzoo!utgpu!water!watmath!clyde!att!ihnp4!chinet!les
From: les@chinet.UUCP (Leslie Mikesell)
Newsgroups: comp.emacs
Subject: Re: Is GNU Cause of Security Problems???
Message-ID: <5574@chinet.UUCP>
Date: 12 May 88 17:18:37 GMT
References: <5290@aw.sei.cmu.edu> <4983@bloom-beacon.MIT.EDU> <193@ists> <5263@bloom-beacon.MIT.EDU> <7013@swan.ulowell.edu>
Reply-To: les@chinet.UUCP (Leslie Mikesell)
Organization: Chinet - Public Access Unix
Lines: 15

In article <7013@swan.ulowell.edu> arosen@hawk.ulowell.edu (MFHorn) writes:
>>$ grep -n chmod gnuemacs-18.51/build-install
>>gnuemacs-18.51/build-install:29:chmod 777 $BIN/{ctags,etags,emacs}
>>PS. For those that haven't caught on yet, change the 777 to 755
>Has everyone forgot that a non-superuser writing to a s{ug}id file
>CLEARS the s{ugid} bit(s)?  [at least in every version of Unix I've
>seen or heard of]

S{ug}id is not the point here.  Anyone can compile up a new version, put it
in place and wait for root to execute it.  A few added lines of code
could easily make it create a copy of another program (like /bin/sh) in
some hidden place and make it suid root.


Les Mikesell