david@ukma.UUCP (David Herron, NPR Lover) (02/27/86)
A friend who runs an Ultrix machine ran across an interesting
change with uucp on Ultrix.  (He's not done much with Unix
before.  I was giving him some software, using uuencoded files
to get it there, but he had troubles unpacking it).
For some reason uu{en,de}code are owned by uucp and set[ug]id
to boot!  WHY?????  It was very surprising for my friend when
he said "uudecode file" and it said "file: permission denied"
or whatever that protection message is.  And then he su'd to
try again as root and still got the same message!  Sheesh.
Why did DEC do this?  (uu{en,de}code in the 4.2 distribution
gets installed owned by root and no set[ug]id, so DEC definitely
changed this...)
Fortunately this isn't a security hole.  I created a uuencoding
of /bin/sh, edited the file to put set[ug]id to the resulting
file, then uudecoded it.  The file was owned by uucp, but not 
set[ug]id.
-- 
David Herron,  cbosgd!ukma!david, david@UKMA.BITNET, david@uky.csnet
							  ^
			Notice new and improved address---|
Postmaster for Kentucky
"'New and improved' is a misnomer" -- David Herron, 1986

csg@pyramid.UUCP (Carl S. Gutekunst) (03/06/86)
In article <2766@ukma.UUCP> david@ukma.UUCP (David Herron, NPR Lover) writes:
>For some reason uu{en,de}code are owned by uucp and set[ug]id
>to boot!  WHY?????
> ...
>Fortunately this isn't a security hole.

Ah, but it is.  uuencode and uudecode are typically owned by uucp, but NOT
set[ug]id.  If they are, anyone can use them to read L.sys, USERFILE, etc.
-- 
Carl S. Gutekunst   {allegra,cmcl2,decwrl,hplabs,topaz,ut-sally}!pyramid!csg
Pyramid Technology Corp, Mountain View, CA  +1 415 965 7200
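The check that Carl's reply implies, as an added example that is not part of either post: flag uuencode/uudecode binaries carrying set-id bits and list the files their owner can read but other users cannot. The function names and the two directory arguments are hypothetical; pass whatever paths the local system uses.

```shell
#!/bin/sh
# Added example (not from the thread): audit for set-id uuencode/uudecode.
# Function names and directory arguments are assumptions for illustration.

# Print "suid", "sgid", "suid,sgid" or "none" for one file.
setid_flags() {
    flags=""
    [ -u "$1" ] && flags="suid"
    [ -g "$1" ] && flags="${flags:+$flags,}sgid"
    echo "${flags:-none}"
}

# Owner of a file, taken from the third field of ls -ld.
file_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# audit_uu_tools BINDIR DATADIR
# Reports uuencode/uudecode in BINDIR that carry set-id bits. For a set-uid
# tool it also lists files in DATADIR owned by the same account that are not
# world-readable: those are what the tool would read on behalf of any caller.
# Returns 1 if a set-id tool was found, 0 otherwise.
audit_uu_tools() {
    bindir=$1 datadir=$2 found=0
    for tool in uuencode uudecode; do
        path="$bindir/$tool"
        [ -f "$path" ] || continue
        f=$(setid_flags "$path")
        [ "$f" = "none" ] && continue
        found=1
        owner=$(file_owner "$path")
        echo "FLAG $path owner=$owner bits=$f"
        case $f in suid*) ;; *) continue ;; esac
        [ -d "$datadir" ] || continue
        find "$datadir" -type f -user "$owner" ! -perm -004 -print |
            sed 's/^/  exposed: /'
    done
    return $found
}
```

Clearing the bits with `chmod ug-s` on the flagged binaries restores the arrangement Carl describes as typical (owned by uucp, not set[ug]id).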