gwyn@Brl@sri-unix (08/24/82)
From: Doug Gwyn <gwyn@Brl> Date: 14 Aug 82 1:00:13-EDT (Sat) The scenario $ chgrp sys myshell $ chmod 2750 myshell that lets one set-GID to a group he's not a member of could be nullified if "chmod" wouldn't let one set the set-GID bit on a file if the group differs from one's current effective GID. This kind of protection loophole results from having two distinct protection levels, user and group. One way to avoid trouble would be to outlaw groups altogether, but too many less-than-superuser privileged utilities would have to be changed in this case. Better to carefully PROVE the security of any set of rules one has come up with for his system. I believe this can be done for UNIX in one of its variations; has anybody done this?