Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ucbvax!decwrl!purdue!i.cc.purdue.edu!j.cc.purdue.edu!pur-ee!a.cs.uiuc.edu!bradley!brian
From: brian@bradley.UUCP
Newsgroups: comp.unix.questions
Subject: Re: Setuid on expreserve and exrecover
Message-ID: <10800022@bradley>
Date: 18 Jul 88 13:03:00 GMT
References: <794@pttesac.UUCP>
Lines: 22
Nf-ID: #R:pttesac.UUCP:794:bradley:10800022:000:1030
Nf-From: bradley.UUCP!brian Jul 18 08:03:00 1988

> /* Written 10:08 am Jul 14, 1988 by jmc@ptsfa.PacBell.COM */
> In article <794@pttesac.UUCP> robert@pttesac.UUCP (Robert Rodriguez) writes:
> >Does anyone know the reason for /usr/lib/ex*preserve being
> >set-user-id bin or root ?
>
> Needed on BSD but not on System V due to chown() requiring root privileges.
>
> Do us all a favor and if you are a V. system chmod 555 ex*preserve and
> chmod 777 /usr/preserve. ex*preserve has a well-known security problem.
> If any vendor is still delivering systems with ex*preserve setuid they
> should be shot at sunrise.

I looked at /usr/lib/expreserve on one of the AT&T 3B15's here, and it is
setuid root. Perhaps AT&T should be shot at sunrise? :-)

...............................................................................
When the going gets weird, the weird turn pro.

Brian Michael Wendt      UUCP: {cepu,ihnp4,uiucdcs,noao}!bradley!brian
Bradley University       ARPA: cepu!bradley!brian@seas.ucla.edu
(309) 677-2230           ICBM: 40 40' N 89 34' W