mkhaw@teknowledge-vaxc.ARPA (Mike Khaw) (07/11/88)
The compress program calls chown(2) to try to set the user and group of the output file to match that of the input file. 4bsd's chown() allows only root to change the user; consequently on ultrix 2.2, the entire call fails, and the output file is owned by the user who ran compress and the group that the parent directory belongs to.

Do 4bsd sites run compress as a setuid root program?
Is compress safe to install as a setuid root program?

Thanks,
Mike Khaw
--
internet: mkhaw@teknowledge.arpa
uucp: {uunet|sun|ucbvax|decwrl|uw-beaver}!mkhaw%teknowledge.arpa
hardcopy: Teknowledge Inc, 1850 Embarcadero Rd, POB 10119, Palo Alto, CA 94303

steve@alberta.UUCP (Stephen Samuel) (07/11/88)
From article <23718@teknowledge-vaxc.ARPA>, by mkhaw@teknowledge-vaxc.ARPA (Mike Khaw):
> the output file to match that of the input file. 4bsd's chown() allows
> only root to change the user; consequently on ultrix 2.2, the entire call
> .... Is compress safe to install as a setuid root program?

Generically, I'd say no, since, because compress can write to generic files, it's a mistake to allow it to run setuid. Consider the following for a system where /tmp and /etc are on the same filesystem:

    cd /tmp
    cp /etc/passwd ./pw
    vi pw
      <change the root passwd>
      :x
    compress pw
    ln /etc/pw ./pw
    compress -d pw.Z

result: One broken system...

ron@topaz.rutgers.edu (Ron Natalie) (07/11/88)
> Do 4bsd sites run compress as a setuid root program?

NO. The ability for a random user to create files that end up being owned by "me" is antisocial and should NOT be supported. Too much reliance is put on the owner of the files to allow users to do this. For example, consider disk quotas.

> Is compress safe to install as a setuid root program?

Certainly NOT!

-Ron

loverso@encore.UUCP (John Robert LoVerso) (07/15/88)
In an article mkhaw@teknowledge-vaxc.ARPA (Mike Khaw) asks about why compress does a chown() on the output file.

The reason for this is that if you are running as root and go and compress a 2Mb file some random joe-user has made, then compress will clean up the resultant file by resetting the modification time and owner to the original file. O/w, the compressed file would be owned by root, and it would be less than useful to joe-user.

The intent was *NOT* to have compress installed setuid root. This would be a massive security hole.

John R LoVerso
Encore Computer Corp
encore!loverso, loverso@multimax.arpa
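
The behaviour the thread settles on, as an added C sketch that is not part of any post and is not compress's own source: refuse to run set-id, create the output with O_EXCL, and copy ownership only as a best effort, dropping set-id mode bits when chown is refused. The function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* True when effective ids differ from real ids, i.e. the binary was
 * installed setuid/setgid. A file utility should refuse to run this way. */
int running_setid(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Create the output file. O_EXCL makes open() fail with EEXIST if the name
 * already exists (regular file, hard link or symlink) instead of writing
 * through it. */
int create_output(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Copy owner, group, mode and timestamps from in_fd to out_fd.
 * Returns 0 if everything was copied, 1 if ownership was left alone because
 * the caller lacks the privilege (EPERM), -1 on any other error. */
int copy_metadata(int in_fd, int out_fd)
{
    struct stat st;
    struct timespec ts[2];
    int rc = 0;

    if (fstat(in_fd, &st) != 0)
        return -1;
    if (fchown(out_fd, st.st_uid, st.st_gid) != 0) {
        if (errno != EPERM)
            return -1;
        rc = 1;
        /* Owner differs from the original: never carry set-id bits over. */
        st.st_mode &= ~(mode_t)(S_ISUID | S_ISGID);
    }
    if (fchmod(out_fd, st.st_mode & 07777) != 0)
        return -1;
    ts[0] = st.st_atim;
    ts[1] = st.st_mtim;
    return futimens(out_fd, ts) != 0 ? -1 : rc;
}
```

A return of 1 from copy_metadata() is the case from the first post: an unprivileged user's chown is refused and the output stays owned by whoever ran the program.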