Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!umich!yale!cmcl2!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.wizards
Subject: Re: SUID directories -- security concern?
Message-ID: <12157@smoke.BRL.MIL>
Date: 15 Feb 90 22:31:56 GMT
References: <14198@s.ms.uky.edu>
Reply-To: gwyn@brl.arpa (Doug Gwyn)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 24

In article <14198@s.ms.uky.edu> morgan@ms.uky.edu (Wes Morgan) writes:
>While performing a security audit on our AT&T 3B20, I discovered a
>user's subdirectory with protection drws--x--x. Sure enough, chmod
>will allow you to do this.

I certainly hope so.

>I've never seen any code to make use of a SUID directory, ...

It can't be set-UID. Probably if it has a meaning (which I cannot
tell without access to your system source) it is "only the owner
is permitted to remove entries from this directory". That sort of
thing is a fairly common extension to the standard UNIX file
permissions scheme. Note also that what you might think are set-GID
bits for files without the group "execute" bit set actually mean
that mandatory file/record locking is to be enforced for the file,
in recent UNIX releases.

>... since this is an undocumented capability, it may have either
>properties or side effects detrimental to our security.

Look, it is not your business to tell the user how to set the modes
on files he owns. There should be no security issue involved with
this. What you have to worry about are modes on PUBLIC files.
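
The mode bits discussed in this post, decoded in an added example that is not part of the original post or thread: `classify` and `audit` are hypothetical helpers that tag a setuid bit on a directory, the setgid-without-group-execute combination that System V-style systems read as mandatory locking, and world-writable entries. Treating world-writable entries as the "PUBLIC files" case is this example's assumption, and the sample modes are constructed.

```python
import os
import stat
import sys

def classify(mode):
    """Return tags for the special permission bits in an st_mode value."""
    tags = []
    is_dir, is_reg = stat.S_ISDIR(mode), stat.S_ISREG(mode)
    if mode & stat.S_ISUID:
        if is_dir:
            # No portable meaning; the local system's documentation decides.
            tags.append("setuid-on-directory")
        elif is_reg and mode & stat.S_IXUSR:
            tags.append("setuid-executable")
    if mode & stat.S_ISGID and is_reg:
        if mode & stat.S_IXGRP:
            tags.append("setgid-executable")
        else:
            # System V convention: setgid without group execute requests
            # mandatory file/record locking, not a privilege change.
            tags.append("mandatory-locking")
    if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
        sticky = is_dir and mode & stat.S_ISVTX
        tags.append("world-writable-sticky-dir" if sticky else "world-writable")
    return tags

def audit(root):
    """Walk root without following symlinks; yield (mode string, path, tags)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable
            tags = classify(mode)
            if tags:
                yield stat.filemode(mode), path, tags

# Constructed sample modes, so the decoding can be checked without a filesystem.
SAMPLES = {
    "user subdirectory from the post": stat.S_IFDIR | 0o4711,
    "data file, setgid without group x": stat.S_IFREG | 0o2644,
    "shared spool directory": stat.S_IFDIR | 0o1777,
}

if __name__ == "__main__":
    for label, mode in SAMPLES.items():
        print(stat.filemode(mode), label, classify(mode))
    for entry in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*entry)
```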