setuid not working if user is root
utzoo!decvax!ucbvax!unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Mon Aug 31 22:18:29 AEST 1981
>From Wales at UCLA-SECURITY Mon Aug 31 22:12:44 1981
We took the "ignore setuid if root" code out of our 4bsd system on our
VAX 11/780 with no ill effects. After doing an inventory of all system
programs which used setuid, and discovering that (at least here) the
only ones which were not owned by root were the UUCP programs, we
concluded that no lossage would result by making root honor setuid.
I was trying to close up some of the security holes in UUCP file
transfer and UUX command execution, you see, and it soon became evident
that the proper solution was to make setuid work even when root was
doing the executing.
I don't claim to know why this code was put into UNIX, but the best
guess I can hazard is something to the effect that setuid programs are
supposed to give someone additional privileges he didn't already have
(such as accessing normally protected data or issuing privileged system
calls in a controlled environment), and the superuser already has all
the privileges in the world, so there's (supposedly) no reason you
would ever need to setuid to someone else if you were the superuser.
(Remember that almost all setuid programs setuid to root anyway!)
Clearly, no one had UUCP in mind when UNIX was first written.
I vote to declare the test in question a bug -- or, if that's too harsh
for some, a misguided misfeature -- and take it out.
-- Rich Wales
-------
More information about the Comp.unix.wizards
mailing list