Aucbvax.4480
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Thu Oct 15 23:47:39 1981
double setuid programs and accounting
>From cbosgd!mark@Berkeley Thu Oct 15 21:17:03 1981
In reply to Dale DeJager's note about accounting:

I claim that the real uid is no good for accounting anyway, since the
UNIX philosophy is to let one user start a daemon which does work spooled
by many.  The uucp and lpr deamons work this way - you could be charged
for a good deal of work that was spooled by someone else.  I would appreciate
hearing from sites that really do accounting - to what extent do you depend
on the real uid, and what do you do about uucp and lpr?  What sites out there
would object to allowing setuid(geteuid()) on accounting or other grounds?

mknod needs to be protected to prevent people from making nonstandard
directory structures (with funny things in . and ..) and read-allowed
versions of special devices, protected files, etc.

-----------------------------------------------------------------
 gopher://quux.org/ conversion by John Goerzen <jgoerzen@complete.org>
 of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 
 Bruce Jones, Henry Spencer, David Wiseman.