Aucbvax.2985 fa.unix-wizards utzoo!decvax!ucbvax!unix-wizards Tue Sep 8 03:00:29 1981 union of effective and real permissions with setuid >From Wales@UCLA-SECURITY Mon Sep 7 23:46:42 1981 My first reaction to the suggestion that setuid programs have permissions which are the union of the real and effective uids' permissions is that it will complicate the UUCP situation. Most setuid programs, it is true, are setuid in order to give the invoker some permissions which he did not previously have (e.g., access or modify a critical file in a controlled fashion). These programs would probably benefit from the "union" mod -- assuming they were setuid to something other than root; a setuid-to-root program already has all the permissions in the world anyway. The UUCP programs, on the other hand, are setuid in order to RESTRICT the invoker's abilities. Above all, you DON'T want UUCP et al. to have the permissions of the superuser (that's why they are setuid to "uucp" rather than "root"). If I understand your suggestion correctly, a "uucico" spun off by "cron" (which, in Berkeley UNIX at least, is executed as root) would have superuser permissions (real uid = "root") as well as "uucp" permissions (effective uid = "uucp"). This, I feel, is unacceptable. I realize that this is a complex issue, because some setuid programs (owned by someone other than root) might want the real uid's permissions, and some might not. If this "union" mod gets put in, there had better be a reasonable way that a program like UUCP can specify that it wants ONLY the effective uid's permissions. -- Rich Wales ------- ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.