at files and permissions

Bob Wilber wilber at alice.UUCP
Sat Jul 8 09:11:29 AEST 1989


Chris Lewis writes:
>"at" needs setuid root permissions so that it can write in the cron/at 
>spool directories.

Actually, "at" shouldn't have to run setuid to root.  A special user (say,
"Mr.At") should be created to own the at spool directory, and "at" should run
setuid to Mr.At.  That way if someone discovers a security hole in "at" he only
gains the power to delete other people's at files, he doesn't get to play super
user.

The real reason "at" is run setuid to root on System V is because of the
infamous System V setuid(2) bug, wherein a process with a non-root effective id
is not able to setuid to its real id if that real id is root.  Because of this
bug "at" must be run setuid to root so that root can use it.

Bob Wilber
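
The following is an added example, not code from the original post or from any real "at" implementation. It sketches the design Bob Wilber argues for: a spool helper installed setuid to a dedicated spool owner (assumed here to be an account named "atspool" with its spool at /var/spool/at; both names are assumptions) rather than to root. The helper refuses to run with an effective uid of 0, checks the spool directory before touching it, creates job files without clobbering existing ones, and then drops back to the caller's real uid. The final step is the one the System V setuid(2) bug in the post broke: under POSIX semantics setuid() to the real uid is always permitted, even when the real uid is root, so the dedicated-user design works for root callers too.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Refuse to operate as root: a hole in this program should cost an attacker
 * at most the spool owner's rights.  Returns 0 when euid is the (non-root)
 * spool owner, -1 otherwise. */
int check_effective_uid(uid_t euid, uid_t spool_uid)
{
    if (euid == 0 || euid != spool_uid)
        return -1;
    return 0;
}

/* The spool directory must be a real directory (not a symlink), owned by the
 * spool uid, and not writable by group or others.  Returns 0 if so, -1 with
 * errno set otherwise. */
int check_spool_dir(const char *path, uid_t spool_uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != spool_uid ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

/* Create a job file for the submitting real uid.  O_CREAT|O_EXCL fails if
 * the name already exists, so we never truncate or follow a planted link;
 * the file is owner read/write only.  Returns 0 on success, -1 on failure. */
int write_job(const char *dir, const char *name, uid_t owner, const char *body)
{
    char path[4096];
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Record the submitter so the daemon can later run the job as that user. */
    char header[64];
    int n = snprintf(header, sizeof header, "# submitter uid %ld\n", (long)owner);
    if (write(fd, header, n) != (ssize_t)n ||
        write(fd, body, strlen(body)) != (ssize_t)strlen(body)) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return close(fd);
}

/* Give up the spool owner's rights once the job is written.  POSIX lets an
 * unprivileged process setuid() to its real uid unconditionally, which is
 * what the System V bug described in the post failed to allow when the real
 * uid was root. */
int drop_to_real_uid(void)
{
    uid_t real = getuid();
    if (setuid(real) != 0)
        return -1;
    return (geteuid() == real) ? 0 : -1;
}

int main(int argc, char **argv)
{
    const char *spool = "/var/spool/at";      /* assumed spool path */
    struct passwd *pw = getpwnam("atspool");  /* assumed spool owner account */
    if (argc != 3 || pw == NULL) {
        fprintf(stderr, "usage: %s jobname body\n", argv[0]);
        return 2;
    }
    if (check_effective_uid(geteuid(), pw->pw_uid) != 0 ||
        check_spool_dir(spool, pw->pw_uid) != 0 ||
        write_job(spool, argv[1], getuid(), argv[2]) != 0 ||
        drop_to_real_uid() != 0) {
        perror("at");
        return 1;
    }
    return 0;
}
```

Installed as `chown atspool /usr/bin/at; chmod 4711 /usr/bin/at` (assumed paths), the worst case for a bug in the helper is what the post describes: access to other users' job files, not a root shell. The daemon that later executes the jobs still needs privilege to switch to each submitter's uid, which is why the trust boundary belongs in the daemon rather than in every invocation of the user-facing command.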
