From mikedoug@texas.net Tue Sep 3 04:13:05 1996
Received: from staff1.texas.net (mikedoug@staff1.texas.net [206.127.0.38]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id EAA17802 for ; Tue, 3 Sep 1996 04:12:42 +1000
Received: from localhost (mikedoug@localhost) by staff1.texas.net (TxNet/8.7.5) with SMTP id NAA04612; Mon, 2 Sep 1996 13:10:43 -0500 (CDT)
X-Authentication-Warning: staff1.texas.net: mikedoug owned process doing -bs
Date: Mon, 2 Sep 1996 13:10:43 -0500 (CDT)
From: Michael Douglass
To: "Justin M. Collins"
cc: Martin Ibert, best-of-security@suburbia.net
Subject: Re: BoS: More on the UnixWare problem
In-Reply-To: <9609020936.ZM20999@firestorm.servtech.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 2 Sep 1996, Justin M. Collins wrote:

> Following your example it does point out the bug... if you chmod
> first then chgrp it works okay.. but if you chgrp and then chmod
> it the bug crops up. From my perspective it looks like a bug
> in chmod. Anybody agree/disagree?

No, the bug is in chgrp. chgrp should not allow you to change a file's group to a group which you are not in. In other words, if you are not in the kmem group, you should not be able to chgrp a file to that group. If this was true, then it wouldn't matter if you could add the setuid bit to a file because it would gain you no extra access...

Michael Douglass
Texas Networking, Inc.

"To be a saint is to be an exception; to be a true man is the rule. Err, fail, sin if you must, but be upright. To sin as little as possible is the law for men; to sin not at all is a dream for angels."
 - Victor Hugo, "Les Miserables"
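
The rule argued for in the reply above, as an added example that is not part of the original message and is not any vendor's code: a Python model of the chgrp membership check, the POSIX clearing of set-id bits on an unprivileged ownership change, and an audit that flags files a correct chgrp could not have produced. All uids, gids, paths and function names are constructed for illustration.

```python
import stat

def may_chgrp(uid, user_groups, file_owner, new_gid):
    """Unprivileged callers must own the file AND already belong to new_gid."""
    if uid == 0:
        return True
    return uid == file_owner and new_gid in user_groups

def mode_after_chgrp(uid, mode):
    """POSIX chown(): for an unprivileged caller, an executable regular file
    loses its set-uid/set-gid bits when ownership changes."""
    if uid != 0 and stat.S_ISREG(mode) and mode & 0o111:
        return mode & ~(stat.S_ISUID | stat.S_ISGID)
    return mode

def audit_setgid(files, groups_of):
    """Return paths of set-gid executables whose non-root owner is not a
    member of the file's group; a correct chgrp never lets an ordinary
    user create these.

    files:     iterable of (path, owner_uid, gid, mode)
    groups_of: dict mapping uid -> set of gids the user belongs to
    """
    findings = []
    for path, owner, gid, mode in files:
        if owner == 0 or not stat.S_ISREG(mode):
            continue
        # set-gid without group-execute is a locking flag on some systems
        if not (mode & stat.S_ISGID and mode & stat.S_IXGRP):
            continue
        if gid not in groups_of.get(owner, set()):
            findings.append(path)
    return findings

# Constructed sample data: gid 3 stands in for kmem, uid 1001 is in group 100.
KMEM = 3
SAMPLE_GROUPS = {1001: {100}}
SAMPLE_FILES = [
    ("/home/u/tool", 1001, KMEM, 0o102755),  # set-gid kmem, owner not in kmem
    ("/home/u/ok",   1001, 100,  0o102755),  # set-gid to the owner's own group
    ("/usr/bin/ps",  0,    KMEM, 0o102755),  # root-owned, legitimately set-gid
    ("/home/u/lock", 1001, KMEM, 0o102644),  # set-gid bit but not executable
]

if __name__ == "__main__":
    print(audit_setgid(SAMPLE_FILES, SAMPLE_GROUPS))
```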