WARNING: SCO-Xenix game "hack", setuid root NO DANGER, OOOOPS

Lehtinen Pertti pl at hakki.cs.tut.fi
Tue Apr 23 19:13:14 AEST 1991


From article <9104211024.32 at rmkhome.UUCP>, by rmk at rmkhome.UUCP (Rick Kelly):
> In article <1991Apr18.213843.18297 at odbffm.incom.de> oli at odbffm.incom.de (Oliver Boehmer) writes:
>>In <1991Apr17.192850.10450 at odbffm.incom.de> oli at odbffm.incom.de (Oliver Boehmer) writes:
>>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 
> 
> I believe that the high score file belongs to root, and can only be read by
> and written to by root.
> 

	Yes. This is usually the reason for this kind of setup.

	The main fault is that there is no reason to have setuid root
	for this purpose. Some pseudo user and setuid to that could
	be just enough. It is always possible to cause some unwanted
	side effects when wandering around with root.

--
pl at cs.tut.fi				! All opinions expressed above are
Pertti Lehtinen				! purely offending and in subject
Tampere University of Technology	! to change without any further
Software Systems Laboratory		! notice
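
The setup suggested in the post above (a pseudo user that owns the score file, with the game setuid to that user instead of root), sketched as an added example that is not part of the original thread. The account name `games` and the paths in the closing comment are assumptions; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example. The "games" account and the paths in the usage
# comment at the bottom are assumptions, not values from the thread.

# Classify one file: not-setuid, setuid-root, or setuid-uid-N.
classify_setuid() {
    [ -u "$1" ] || { echo "not-setuid"; return 0; }
    owner=$(ls -ldn "$1" | awk '{print $3}')   # numeric owner uid
    if [ "$owner" -eq 0 ]; then
        echo "setuid-root"
    else
        echo "setuid-uid-$owner"
    fi
}

# Hand the program and its score file to a dedicated account, then
# make the program setuid to that account. chown can clear the setuid
# bit, so the chmod on the program comes last.
retarget_to_pseudo_user() {
    prog=$1
    scores=$2
    user=$3
    chown "$user" "$prog" "$scores" || return 1
    chmod 600 "$scores" || return 1   # only the pseudo user reads/writes scores
    chmod 4755 "$prog" || return 1    # runs with the pseudo user's uid, not root's
}

# List setuid-root regular files in a directory, for review.
list_setuid_root() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(classify_setuid "$f")" = "setuid-root" ]; then
            echo "$f"
        fi
    done
    return 0
}

# Typical use, as root (paths and account name are assumptions):
#   list_setuid_root /usr/games
#   retarget_to_pseudo_user /usr/games/hack /usr/games/lib/hack.scores games
```
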


