Aucbvax.2979 fa.unix-wizards utzoo!decvax!ucbvax!unix-wizards Tue Sep 8 02:30:15 1981 >From ihnss!mhtsa!harpo!chico!esquire!nrh@Berkeley Tue Sep 8 00:57:27 1981 Subject: Unix security and mail directory Newsgroups: fa.unix-wizards >From Lepreau@UTAH-20 Sat Sep 5 06:28:45 1981 Berkeley vmunix has solved some of the security problems inherent in the setuid mechanism by one simple kernel mod: whenever a file is modified or chown'ed, the setuid/gid bits go away. This takes care of the problem James mentioned, for example. Jay ------- And here I thought that there were HACKS coming out of Berkely!!! The more side effects people build in to UNIX, the less clear the wonderful system interface will become. Turning off setuid bits on a file when chown() is called on it makes sense, because no amount of care on the part of one user could prevent his files from being compromised without this feature. Turning off setuid bits when a file is modified is an attempt to protect the programmer from a mistake in his programs. While it may be convenient, (is it really?) it seems a little misplaced. Why not a library routine to do this? One final bit of sour grapes: if something doesn't BELONG in the kernal, it doesn't matter HOW simple it is to put that thing in the kernal. ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.