[comp.sys.att] Setuid on expreserve and exrecover

robert@pttesac.UUCP (Robert Rodriguez) (07/14/88)

Does anyone know the reason for /usr/lib/ex*preserve being
set-user-id bin or root ?

Ex*preserve is the program called by "vi" when a connection is
dropped without having saved the contents of the vi buffer.

Please e-mail me, and I'll summarize to the net if there is interest.

Thanks.

jmc@ptsfa.PacBell.COM (Jerry Carlin) (07/14/88)

In article <794@pttesac.UUCP> robert@pttesac.UUCP (Robert Rodriguez) writes:
>Does anyone know the reason for /usr/lib/ex*preserve being
>set-user-id bin or root ?

Needed on BSD but not on System V due to chown() requiring root privileges. 

Do us all a favor and if you are a V. system chmod 555 ex*preserve and
chmod 777 /usr/preserve.  ex*preserve has a well-known security problem.
If any vendor is still delivering systems with ex*preserve setuid they
should be shot at sunrise.

-- 
Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc
To dream the impossible dream. To fight the unbeatable foe.

rjd@occrsh.ATT.COM (Randy_Davis) (07/15/88)

In article <794@pttesac.UUCP> robert@pttesac.UUCP (Robert Rodriguez) writes:
:Does anyone know the reason for /usr/lib/ex*preserve being
:set-user-id bin or root ?
:Ex*preserve is the program called by "vi" when a connection is
:dropped without having saved the contents of the vi buffer.
:Please e-mail me, and I'll summarize to the net if there is interest.

Email bounced, so:

Uh, yeah:  The setuid root or bin is so that the /usr/lib/expreserve
program can write the file in the directory /usr/preserve, which should be
owned by bin and mode 755, e.g.:

$ ls -ald /usr/preserve
drwxr-xr-x   5 bin      bin           80 Mar 22 10:56 /usr/preserve

(Otherwise it would not be able to write to the directory....)

  In this way, only you (and root and bin) can remove any of your files
stored there, and only you can change them, as the files are normally
stored mode 600 or 700.
  "/usr/lib/exrecover" should be the same mode as expreserve so it can
retrieve them for you....

   To the person saying that its distributors should be shot: I do believe that
the superuser bug has been fixed! (about eight years ago...)

Randy

maart@cs.vu.nl (Maarten Litmaath) (07/19/88)

In article <298@occrsh.ATT.COM> rjd@occrsh.UUCP (Randy_Davis) writes:
\In article <794@pttesac.UUCP> robert@pttesac.UUCP (Robert Rodriguez) writes:
\:Does anyone know the reason for /usr/lib/ex*preserve being
\:set-user-id bin or root ?
\...
\   To the person saying that its distributors should be shot: I do believe that
\the superuser bug has been fixed! (about eight years ago...)

The OLD bug has been fixed.
Generally the NEW bug has NOT been fixed...
(recently discussed in comp.sys5.bugs)
-- 
I'd rather live in Russia             |Maarten Litmaath @ Free U Amsterdam:
              than in South-Africa... |maart@cs.vu.nl, mcvax!botter!ark!maart
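
The two layouts argued over in this thread (setuid helpers writing into a mode 755 preserve directory, versus mode 555 helpers with a mode 777 directory) can be told apart from the mode bits alone. The shell function below is an added example, not part of any post above; the function names and classification labels are made up for illustration, and it inspects only permission bits, not ownership.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are passed as arguments,
# so the function can be pointed at a real system or at test fixtures.

# has_bits PATH OCTAL: succeeds when every permission bit in OCTAL is set on PATH.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# classify_preserve DIR HELPER...
# Prints one word (labels are illustrative) describing how the helpers reach DIR:
#   setuid-helper   every helper is setuid and DIR is not world-writable
#   open-directory  no helper is setuid and DIR is world-writable
#   redundant       a helper is setuid although DIR is already world-writable
#   mixed           only some helpers are setuid and DIR is not world-writable
#   unwritable      no helper is setuid and DIR is not world-writable
#                   (assumes the invoking user does not own DIR)
classify_preserve() {
    dir=$1; shift
    total=0; suid=0
    for helper in "$@"; do
        total=$((total + 1))
        if has_bits "$helper" 4000; then
            suid=$((suid + 1))
        fi
    done
    if has_bits "$dir" 0002; then
        if [ "$suid" -gt 0 ]; then echo redundant; else echo open-directory; fi
    elif [ "$suid" -eq 0 ]; then
        echo unwritable
    elif [ "$suid" -eq "$total" ]; then
        echo setuid-helper
    else
        echo mixed
    fi
}

# Typical call, using the paths named in the thread:
#   classify_preserve /usr/preserve /usr/lib/expreserve /usr/lib/exrecover
```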