Apur-ee.134 fa.unix-wizards utzoo!decvax!pur-ee!bruner Fri Sep 11 11:06:07 1981
setuid cleared on write

I don't, in general, like systems that "hold my hand" either. I personally don't like having setuid/setgid cleared when a file is written under any circumstances. However, in a university environment with over two thousand undergraduate accounts, some provisions must be made for the novice user. I'm not concerned that a system staff member will leave a setuid root file world writable. However, I have seen students create mode 4777 files (even though the umask is 022) so that their friends can use their accounts. A malicious user will usually wreak havoc using an account other than his own (to avoid detection). It is necessary, in this environment, to protect novice users from themselves. Given this assumption, I was suggesting a solution which preserves as much flexibility as possible.

System crashers have incredible amounts of time to go searching for writable setuid files or to try out every possible way to crash a setuid program. (For that reason, I suggest that we either don't bring up security topics in "unix-wizards", or we specify exactly what the problem is when a security "hole" is detected. If a "hacker" and a system staff member read the same "news" entry hinting at a security hole, it will probably be the hacker who figures it out first because he's got "all of the time in the world". Note also that inter-machine mail isn't secure because the files are world-readable, so private correspondence about security problems should be done by some other means.)

I don't like solutions which restrict access or flexibility, and I certainly don't like hacks in the kernel, but in cases like this one I can see no alternative.
--John

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/

This Usenet Oldnews Archive article may be copied and distributed freely, provided:
1. There is no money collected for the text(s) of the articles.
2. The following notice remains appended to each copy:
The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.
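The post's concern is the "mode 4777" file: a setuid or setgid program that group or world can also write, which is the same thing a system staff member would go looking for in an audit. The following is an added example, not code from the post or its author, of such an audit as a POSIX shell script: it lists setuid/setgid regular files that are group- or world-writable under a directory, and a second function strips the write bits while leaving the setuid bit alone (the least restrictive fix). The sample tree it builds is constructed here for illustration; the function names are assumptions and only find(1) and chmod(1) are used.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory tree for
# setuid/setgid files that are group- or world-writable, and optionally
# strip the offending write bits. Assumes POSIX find(1) with -perm -mode.

# Print every setuid or setgid regular file under $1 that is writable by
# group or others. This matches exactly the file a novice creates with
# "chmod 4777" so that friends can use the account.
find_writable_setuid() {
    dir="$1"
    # -perm -4002: setuid AND other-write   -perm -4020: setuid AND group-write
    # -perm -2002 / -perm -2020: the same two checks for setgid
    find "$dir" -type f \
        \( -perm -4002 -o -perm -4020 -o -perm -2002 -o -perm -2020 \) \
        -print 2>/dev/null
}

# Remediate: remove group/other write permission on each reported file.
# The setuid/setgid bit itself is kept, so the program still runs as its
# owner; a stricter site policy could use "chmod u-s,g-s" instead.
fix_writable_setuid() {
    find_writable_setuid "$1" | while IFS= read -r f; do
        chmod go-w "$f"
        printf 'stripped write bits: %s\n' "$f"
    done
}

# Number of offending files under $1 (whitespace trimmed for portability).
count_writable_setuid() {
    find_writable_setuid "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree so the audit can be run offline;
# prints the directory it created.
make_sample_tree() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho hi\n' > "$d/ok";    chmod 4755 "$d/ok"    # setuid, not writable: fine
    printf '#!/bin/sh\necho hi\n' > "$d/leaky"; chmod 4777 "$d/leaky" # setuid + world-writable: report
    printf '#!/bin/sh\necho hi\n' > "$d/grp";   chmod 2770 "$d/grp"   # setgid + group-writable: report
    printf '#!/bin/sh\necho hi\n' > "$d/plain"; chmod 0777 "$d/plain" # writable but no setuid: ignore
    printf '%s\n' "$d"
}

# Usage when run directly: audit the sample tree, then fix it and audit again.
if [ "${0##*/}" = "setuid_audit.sh" ]; then
    tree=$(make_sample_tree)
    echo "before: $(count_writable_setuid "$tree") writable setuid/setgid file(s)"
    fix_writable_setuid "$tree"
    echo "after:  $(count_writable_setuid "$tree") writable setuid/setgid file(s)"
    rm -rf "$tree"
fi
```

Run against a real tree with `find_writable_setuid /` (as a staff account) to get the list the post says a system crasher would otherwise compile for you; only the report function needs to run on the live system, and the remediation can be reviewed file by file before it is applied.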