jand@maestro.htsa.aha.nl (Jan Derriks) (02/26/91)
DISCLAIMER: I have contacted the CRC about this. The response was very
'tame' (dull, not really interested). The question I got
was: does the manual page say this should *not* be the case ?
I assume it's a local security problem but would like to
know what to do about it (other than 'rm /usr/bin/uucp').
BUG: uucp retains setuid bits when a (local) copy of a file is done.
the new file is owned by uucp.
Reproduce by: $ echo '#!/usr/bin/id' >foobar
$ chmod 6555 foobar
$ uucp foobar test (test is owned by uucp with suid ?)
$ ./test
(effective id becomes uucp if filesystem allows it)
The manual page says the mode of the copied file should become 0666.
Can anyone tell me why on our HP9000/835 HPUX 7.0 system it doesnt ?
(btw, it is not a 'secure' system).
[do a 'chmod go-rwx /usr/bin/uucp' if you are afraid of bad guys running
around as uucp. But don't worry, it's still a long way from being root ]
Jan Derriks.
Flames will be used to heaten our office and will be accepted gratefully
during winter times.
--
A chubby man with a white beard and a red suit will approach you soon.
Avoid him. He's a Commie.