setuid problems

• This "setuid" feature has opened a long series of holes:

• For example:

        % cp /bin/sh /tmp/mysh
        % chmod 4755 /tmp/mysh
        % ls -l /tmp/mysh
        -rwsr-xr-x    1 mjd     users       512668 Feb 28  2001 /tmp/mysh

        % chown root /tmp/mysh

• Solution: chown should clear the setuid bits

Next

Copyright © 2005 M. J. Dominus