-x implementations

[Jim Balter]

In article <8920 at star.cs.vu.nl> maart at cs.vu.nl (Maarten Litmaath) writes:
>)2) It only matters if the program calling access has S_ISUID or S_ISGID set.
>
>Not true.

Is this proof by assertion?  Tell me how it's not true.

>)   Why would test be installed with set-uid privileges?
>
>What if the program (e.g. the shell) that _calls_ `test', is setuid?
>(I.e. its effective uid differs from its real uid.)

The shell shouldn't be set-uid if you have any concern for security, but even
if it were, exec pays no attention to the set-uid bit of the caller.  You seem
to be confusing the effects of su, which changes your real and effective uid,
with the setuid bit on an executable.  Doing an su *does not* make your shell
setuid.  Test will only have different real and effective uids if the S_ISUID
bit is set on the executable file.  This not to say that there aren't plenty
of programs that do access calls that break when someone decides to make them
set-uid.  Because there is no effective uid access call, these programs are
forced to use stat, which costs more on many systems (acc/mod/chg times aren't
kept in core because of old pdp11 space constraints), and do their own access
determination based on protection bits, even though such determination is
system-dependent these days, given group sets and access lists.