[comp.sources.d] compress and setting owner/group

mkhaw@teknowledge-vaxc.ARPA (Mike Khaw) (07/11/88)

The compress program calls chown(2) to try to set the user and group of
the output file to match that of the input file.  4bsd's chown() allows
only root to change the user; consequently on ultrix 2.2, the entire call
fails, and the output file is owned by the user who ran compress and the
group that the parent directory belongs to.

Do 4bsd sites run compress as a setuid root program?  Is compress safe to
install as a setuid root program?

Thanks,
Mike Khaw
-- 
internet: mkhaw@teknowledge.arpa
uucp:	  {uunet|sun|ucbvax|decwrl|uw-beaver}!mkhaw%teknowledge.arpa
hardcopy: Teknowledge Inc, 1850 Embarcadero Rd, POB 10119, Palo Alto, CA 94303

steve@alberta.UUCP (Stephen Samuel) (07/11/88)

From article <23718@teknowledge-vaxc.ARPA>, by mkhaw@teknowledge-vaxc.ARPA (Mike Khaw):
> the output file to match that of the input file.  4bsd's chown() allows
> only root to change the user; consequently on ultrix 2.2, the entire call
> .... Is compress safe to install as a setuid root program?

Generically, I'd say no: because compress can write to generic files,
it's a mistake to allow it to run setuid.  Consider the following for a
system where /tmp and /etc are on the same filesystem:

cd /tmp
cp /etc/passwd ./pw		# private copy of the password file
vi pw
 <change the root passwd>
:x
compress pw			# leaves pw.Z behind and removes pw
ln /etc/passwd ./pw		# hard link: ./pw now names the /etc/passwd inode
compress -d pw.Z		# setuid-root compress opens ./pw for writing,
				# truncating and rewriting /etc/passwd

result:  One broken system...
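The hard-link clobber in the post above, as an added C example that is not part of the thread and not compress's own code.  It needs no compress binary and no root: a plain fopen("w") writer stands in for the setuid decompressor, a constructed one-line file in a private temp dir stands in for /etc/passwd, and the O_EXCL|O_NOFOLLOW writer beside it is the editor's hardening suggestion, not something the thread proposes.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed contents for the stand-in /etc/passwd (assumption: one line). */
static const char ORIGINAL_LINE[] = "root:x:0:0:root:/:/bin/sh\n";
/* What the attacker put into /tmp/pw: root with an empty password field. */
static const char ATTACKER_LINE[] = "root::0:0:root:/:/bin/sh\n";

/* Behaviour of the 1988 compress: freopen(ofname, "w") truncates and rewrites
 * whichever inode ofname currently names.  If ofname is a hard link to
 * /etc/passwd and the process is root, that inode is /etc/passwd. */
static int write_output_unsafe(const char *ofname, const char *data)
{
    FILE *fp = fopen(ofname, "w");
    if (fp == NULL)
        return -1;
    if (fputs(data, fp) == EOF) {
        fclose(fp);
        return -1;
    }
    return fclose(fp) == 0 ? 0 : -1;
}

/* Hardened writer for a privileged program: only ever create a brand-new
 * output (O_EXCL) and never follow a symlink (O_NOFOLLOW).  A pre-existing
 * name, whether the attacker's hard link or a symlink, makes open() fail
 * with EEXIST/ELOOP instead of truncating the target. */
static int write_output_safe(const char *ofname, const char *data)
{
    int fd = open(ofname, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(data);
    int rc = (write(fd, data, len) == (ssize_t)len) ? 0 : -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

/* 1 if `path` still holds ORIGINAL_LINE, 0 if it was overwritten, -1 on error. */
static int target_intact(const char *path)
{
    char buf[128];
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, fp);
    fclose(fp);
    buf[n] = '\0';
    return strcmp(buf, ORIGINAL_LINE) == 0 ? 1 : 0;
}

/* Plays out the post's sequence in a private directory under /tmp, with
 * `writer` in the role of the setuid-root "compress -d".  Returns 1 if the
 * protected file survived, 0 if it was clobbered, -1 if setup failed. */
static int run_scenario(int (*writer)(const char *, const char *))
{
    char dir[] = "/tmp/compressdemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;
    char target[256], lnk[256];
    snprintf(target, sizeof target, "%s/etc_passwd", dir); /* stands in for /etc/passwd */
    snprintf(lnk, sizeof lnk, "%s/pw", dir);               /* the attacker's ./pw */

    int rc = -1;
    if (write_output_unsafe(target, ORIGINAL_LINE) == 0    /* the system's real file */
        && link(target, lnk) == 0) {                        /* ln /etc/passwd ./pw */
        (void)writer(lnk, ATTACKER_LINE);                   /* "compress -d pw.Z" as root */
        rc = target_intact(target);
    }
    unlink(lnk);
    unlink(target);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("fopen(\"w\") writer, protected file intact: %d\n", run_scenario(write_output_unsafe));
    printf("O_EXCL|O_NOFOLLOW writer, protected file intact: %d\n", run_scenario(write_output_safe));
    return 0;
}
```

The unsafe writer reports 0 (the stand-in passwd now holds the attacker's line) and the hardened one reports 1.  Note that O_EXCL alone is the check that matters for a hard link; if the program must replace an existing output name, unlink that name first and then create with O_EXCL, so a link raced back in between the two calls is refused rather than written through.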

ron@topaz.rutgers.edu (Ron Natalie) (07/11/88)

> Do 4bsd sites run compress as a setuid root program?

NO.  The ability for a random user to create files that end up
being owned by "me" is antisocial and should NOT be supported.
Too much reliance is put on the owner of the files to allow
users to do this.  For example, consider disk quotas.

> Is compress safe to install as a setuid root program?

Certainly NOT!

-Ron

loverso@encore.UUCP (John Robert LoVerso) (07/15/88)

In an article mkhaw@teknowledge-vaxc.ARPA (Mike Khaw) asks about why
compress does a chown() on the output file.

The reason for this is that if you are running as root and go and compress
a 2Mb file some random joe-user has made, then compress will cleanup
the resultant file by resetting the modification time and owner to the
original file.  Otherwise, the compressed file would be owned by root, and it
would be less than useful to joe-user.

The intent was *NOT* to have compress installed setuid root.  This would
be a massive security hole.

John R LoVerso
Encore Computer Corp
encore!loverso, loverso@multimax.arpa
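The attribute restore that LoVerso describes, and the 4BSD chown(2) failure Khaw reports, as an added C example that is neither compress's code nor anything from the thread.  It copies owner, group, mode and timestamps from the input file to the output without being root: where an unprivileged chown with a new uid is rejected outright (EPERM), it falls back to setting only the group, which the file owner may do for any group it belongs to.  The temp-dir demo and its 1989 timestamp are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>

/* What restore_attributes() managed to copy across.  Negative means an
 * error other than "not permitted". */
enum restore_result {
    RESTORED_ALL = 0,          /* owner, group, mode and times copied */
    RESTORED_GROUP_ONLY = 1,   /* unprivileged: owner left as the caller */
    RESTORED_NO_OWNERSHIP = 2, /* not even the group could be set */
    RESTORE_ERROR = -1
};

/* Copy owner/group, permission bits and timestamps from the input file's
 * stat to the output file.  On 4BSD-style systems the whole chown(2) fails
 * for an unprivileged caller who asks for a new uid, so retry with
 * (uid_t)-1, which means "leave the owner alone, change only the group". */
static int restore_attributes(const struct stat *in, const char *out)
{
    int result = RESTORED_ALL;
    if (chown(out, in->st_uid, in->st_gid) != 0) {
        if (errno != EPERM)
            return RESTORE_ERROR;
        if (chown(out, (uid_t)-1, in->st_gid) == 0)
            result = RESTORED_GROUP_ONLY;
        else if (errno == EPERM)
            result = RESTORED_NO_OWNERSHIP;
        else
            return RESTORE_ERROR;
    }
    /* chmod after chown: a successful ownership change may clear setuid/setgid. */
    if (chmod(out, in->st_mode & 07777) != 0)
        return RESTORE_ERROR;
    struct timeval tv[2] = { { in->st_atime, 0 }, { in->st_mtime, 0 } };
    if (utimes(out, tv) != 0)
        return RESTORE_ERROR;
    return result;
}

static int touch(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd < 0)
        return -1;
    return close(fd);
}

/* Builds a constructed input file with a fixed 1989 mtime and a fresh output
 * in a private temp dir, restores, and checks that the output's group, mode
 * and mtime now match the input.  Returns the restore_result on success, or
 * -2/-3/-4 for a setup, restore or verification failure. */
static int demo_restore(void)
{
    char dir[] = "/tmp/chowndemo.XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -2;
    char in[256], out[256];
    snprintf(in, sizeof in, "%s/report", dir);
    snprintf(out, sizeof out, "%s/report.Z", dir);

    int rc = -2;
    struct stat si, so;
    struct timeval old[2] = { { 600000000, 0 }, { 600000000, 0 } }; /* Jan 1989 */
    if (touch(in, 0640) == 0 && touch(out, 0600) == 0
        && utimes(in, old) == 0 && stat(in, &si) == 0) {
        rc = restore_attributes(&si, out);
        if (rc < 0)
            rc = -3;
        else if (stat(out, &so) != 0
                 || so.st_gid != si.st_gid
                 || (so.st_mode & 07777) != (si.st_mode & 07777)
                 || so.st_mtime != si.st_mtime)
            rc = -4;
    }
    unlink(out);
    unlink(in);
    rmdir(dir);
    return rc;
}

int main(void)
{
    printf("restore_attributes result: %d (0 = all, 1 = group only)\n", demo_restore());
    return 0;
}
```

Run as root the first chown succeeds and the result is 0; run as the file's owner it is 0 as well, since setting the owner to the current owner is permitted.  The fallback path only becomes visible when a non-root user compresses someone else's file, which is exactly the case LoVerso says the chown was written for and exactly the case in which Ultrix 2.2 left the output owned by the caller.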