The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Unix 'Security Mailing List' - Archives (1984 - 1987)
DOCUMENT: Unix 'Security Mailing List' #21 1985-09-16 (1 file, 1360 bytes)
NOTICE: recognises the rights of all third-party works.


Date: 16 Sep 85 22:49:07 MST (Mon)
Subject: Security Mailing List, # 21


Editor's corner
        This is a short issue, as there was only one message in the queue,
        but I need to tell everyone that the Security Mailing List is
        alive and well in spite of troubles at Denelcor and that the list
        has a new address (as do I). From now on send list inclusions to
        ...!cisden!security and requests to ...!cisden!sec-request.
        Cisden is owned by ConTel Information Systems (Littleton, CO) and
        it communicates right now with nbires, udenva, and boulder. For
        most of the list the best path is ...seismo!hao!nbires!cisden. I'm
        attempting to get cisden better connected.

        Have security issues died out there, or is everyone waiting for

Newcomers to the list since last issue:
        Robin Humphrey (asgb!rch@hao)
        J. Scott Goldberg (j@telesoft)
        Scott Larnach (scott@cstvax)
        Dan Oestreicher (stc!datlog!dan@ukc)
        Mark Smith (stc!datlog!mzs@ukc)


From: hao!seismo!munnari!basser.oz!john
Date: Tue, 13 Aug 85 03:05:36 EST
Subject: Re: Unix PC's mv has the uid bit set

> From: ihnp4!decvax!cwruecmp!nitrex!rob
> A friend just pointed this out, I don't really know if it is old news or not,
> but on the Unix Pc the system software is shipped with the set uid bit
> set on /bin/mv.

Sigh.  This is NOT (or at least should not be) a security hole; have you
ACTUALLY TRIED mv'ing things that you shouldn't have had permission to mv?
If not, for shame, mv is supposed to do all the right checks.  If so (and
I assume by Unix PC you mean 3B2, do please be more specific) then this
machine's mv is seriously broken, but the fact that it is setuid-root
is no accident, it *needs* that power.  Last I heard, you could use "mv"
to rename directories ("mv dir1 dir2") -- and like unlink(2) says, "It is
also illegal to unlink a driectory (except for the super-user)."  This
is because the code in unlink() is not really in a position to check
whether a directory is empty or not.  rmdir is setuid-root for the
same reason.

John Mackin, Basser Department of Computer Science,
             University of Sydney, Sydney, Australia


                    The UNIX security issues mail list

               Ignore the headers on this list and mail to:
             ...cisden!security            (mail for the list).
             ...cisden!sec-request         (administrativia).