Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!ucsd!ucsdhub!hp-sdd!hplabs!hpda!hpcuhb!hp-sde!hpfcdc!rml
From: rml@hpfcdc.HP.COM (Bob Lenk)
Newsgroups: comp.bugs.4bsd
Subject: Re: Hard Links between UNIX Utility Programs
Message-ID: <4910003@hpfcdc.HP.COM>
Date: 27 Jul 88 21:32:47 GMT
References: <184@chip.UUCP>
Organization: HP Ft. Collins, Co.
Lines: 17

> perhaps a simple example taken from real life.  I want to prevent users from
> examining the mailq using the /usr/ucb/mailq program because I feel that
> who a user sends mail to should not be subject to disclosure to others.

This is of little use, since "/usr/lib/sendmail -bp" is equivalent to
"mailq", even without the link.  Chris Torek's solution still applies; a
setgid program that disallows undesired options (including argv[0]) can
be used as a wrapper around the real sendmail program.

The real problem seems to be mixing functions to which different
privileges might apply in the same utility.  Whether these different
functions are specified by the name of the command, by an option,
interactively, or by any other means seems to be a side issue.

		Bob Lenk
		{ihnp4, hplabs}!hpfcla!rml
		rml%hpfcla@hplabs.hp.com