Aucbvax.3101 fa.unix-wizards utzoo!decvax!ucbvax!unix-wizards Fri Sep 11 21:24:48 1981 Problems with turning off setuid >From decvax!duke!unc!smb@Berkeley Fri Sep 11 21:12:41 1981 In-real-life: Steven M. Bellovin Location: University of North Carolina at Chapel Hill Although I feel that Berkeley's practice is indeed a reasonable protection scheme, it can cause problems. For example, I sometimes create setuid programs that have group-write permission. To test a new version, I can just copy the file into it, without having to 'su' each time. Assuming that /etc/group is secure (or no less secure than /etc/passwd, at any rate), there is no security risk. ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.