rick@ariel.UUCP (07/26/84)
DESCRIPTION: USG System V "uucp(1)" uses outdated and incorrect code to check whether the "uucp" has permission to read a source file. This is not a security violation, but rather is "overprotective" in assuming that "uucp" is ALWAYS a member of the "other" (a.k.a. "world") category. This is unneccessary, and incorrect, if the file is already owned by "uucp". In such a case, a test should be performed by testing the ownership, and alternately, the group membership. In preparing this bug report, I also noticed similar problems with writing files produced by "uucp". EXAMPLE: $ cd /tmp $ ls -lda . bugfile drwxrwxrwx 3 root root 1248 Jul 24 15:28 . -rw-rw---- 1 uucp uucp 0 Jul 24 15:26 bugfile $ uucp bugfile ariel!~/rick/bugfile can't read file (/tmp/bugfile) mode (100660) $ FIX BY: Replace all code reference of "ANYREAD" and "ANYWRITE" in "uucp.c" with the appropriate "access(3)" code. Richard L. Maus, Jr. (Rick) AT&T-IS(@BTL) HO 1K313 201-834-4532 ...!ho???!ariel!rick