Aucbvax.4485 fa.unix-wizards utzoo!decvax!ucbvax!unix-wizards Fri Oct 16 00:05:49 1981 details of dmr's solution >From teklabs!tekmdp!azure!grahamr@Berkeley Thu Oct 15 21:47:28 1981 Does this table agree with Mr. Ritchie's solution? process ids match: no file ids file gid file uid both ----------- -------- -------- ---- setuid file: no w access no w access use u w bit use u w bit setgid file: no w access use g w bit no w access use g w bit both: no w access use g w bit use u w bit use u w bit The interesting cell in this table occurs where the file is owned by the user and group who owns the process, yet the group protection bit is used because the file is setgid and not setuid. Is this right? If so, it makes me suspicious of the correctness of the whole bottom row. For a file which is both setuid and setgid, perhaps there should be no w access except to processes with matching uid AND gid. If this is right, then perhaps in case both match, some combination of the u and g bits should be used instead of the usual owner-first strategy (which I have used here). The solution expressed in my table solves Mr. Bellovin's problem (at the cost of making his program setgid as well as setuid). I certainly hope that whatever solutions are found to the real vs. effective questions will simply apply across the board here. In my experience it's details like these that make or break a protec- tion strategy. So speak up, dmr! What did you mean? -Graham Ross (duke!chico!teklabs!tekmdp!grahamr) ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.