Running random user programs as ROOT?!

Tue Jun 25 20:55:28 AEST 1991

> I  hope  not.   Su  sets  *real*  and  effective   user   ID.    The
> saved-set-user-ID  should  be wiped out by the su program when SUing
> to the user's account.  Otherwise SU is *horribly* broken.

OK, so if I wanted to write a version  of  su  that  wasn't  "horribly
broken",  how  would  I  do  it?   I've  dug  around in TFM on several
occasions, trying to make sense of the saved-set-user-ID  concept,  to
little  avail.   They  seem to think that they should keep it a secret
from me, because if I'm interested, I am obviously an Evil Hacker  who
is trying to violate system security.

So  far,  I  haven't seen any documented system call to set this third
uid that some Unix kernels keep. If there's no (documented) way to set
it,  how  can  you  accuse  a program of being "horribly broken" if it
doesn't set it correctly?

BTW, this isn't purely hypothetical.  I recently added a dumb terminal
to  this (Sys/VR3) system so that when X shoots itself in the foot and
goes zombie on me, I have a back door to do something short of pushing
the  reset  button.   But what I can do there is very limited, because
when I type "su" it just says "Sorry", without even asking  me  for  a
password.   TFM  hasn't  helped  at  all  to  explain  why  su  is  so
recalcitrant.  I've done what any hacker would do  -  written  my  own
version of su. Now I find that, according to the above, it is horribly
broken.  I'd like to know how to make it less so.  How do I do that?

If it's described somewhere in TFM (that I am too stupid to find), I'd
like to know where, and how I missed it.
-- 
All opinions Copyright (c) 1991 by John Chambers.  Inquire for licensing at:
Home: 1-617-484-6393 ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc 
Work: 1-508-486-5475 {sppip7.lkg.dec.com!jc,ub40::jc}