mephdbo%prism@gatech.edu (d. majumder) (12/14/88)
Hi, I was trying to run Makefile for Touchtool. But there seems to be a
problem of permission denial with the uudecode in the Makefile. The error
message reads "image_touch Permission denied" ?? What do I need to do?
[[ Aahhh! A candidate for the "often-asked questions" list. This really
isn't a Sun problem: it's a Unix problem. By default, uudecode is
installed setuid to uucp. So, if uucp cannot create files in the current
directory (as is usually the case), you will get a "permmission denied"
message. There are two solutions. The temporary one is to chmod the
current directory to 777 ("chmod 777 ."), do the uudecode, and change the
permissions back. The permanent one is to simply remove the set-uid bit
from /usr/bin/uudecode (chmod u-s uudecode) since it doesn't really need
it anyway. --wnl ]]
thanx
Deeptendudavid@sun.com (12/21/88)
>The permanent one is to simply remove the set-uid bit >from /usr/bin/uudecode (chmod u-s uudecode) since it doesn't really need >it anyway. --wnl If you do this be sure to get rid of the decode alias in {/usr/lib,/etc}/aliases. -- David DiGiacomo, Sun Microsystems, Mt. View, CA sun!david david@sun.com
matt@uhura.cc.rochester.edu (12/30/88)
Although uudecode doesn't really "need" the SUID bit to be set (and the
file owned by uucp -- which it seems is a security problem in itself),
there is a problem with what Sun used to (and probably still does)
distribute as the default /usr/lib/aliases file. Within it, there is an
alias:
decode: "|/usr/bin/uudecode"
Since "decode" gets called as "daemon", this poses yet another security
threat.
I wanted to test the above theory, but try as I might, I couldn't get
sendmail to accept an address in the aliases file with a '|' in it. I
kept getting the message "User unknown" (this is opposed to the "normal"
message you get when mailing to an invalid user of: "name... User
unknown"). Perhaps Sun has disallowed mailing to programs? I don't think
so, but then again, I can't seem to get it to work either. This is under
SunOS 3.2...
-----
- uucp: {rutgers,ames}!rochester!srs!matt Matt Goheen
- internet: matt@srs.uucp OR matt%srs.uucp@harvard.harvard.edu