From jcollins@firestorm.servtech.com Mon Sep 2 02:23:21 1996
Received: from firestorm.servtech.com (jcollins@firestorm.servtech.com [199.1.22.6]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id CAA03395 for ; Mon, 2 Sep 1996 02:23:03 +1000
Received: (from jcollins@localhost) by firestorm.servtech.com (8.7.5/8.7.5) id MAA22499 for best-of-security@suburbia.net; Sun, 1 Sep 1996 12:22:25 -0400 (EDT)
From: jcollins@firestorm.servtech.com (Justin M. Collins)
To: best-of-security@suburbia.net
Date: Sun, 1 Sep 1996 12:22:22 -0400
Subject: Re: BoS: More on the UnixWare problem
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Message-ID: <9609011222.ZM22492@firestorm.servtech.com>
In-Reply-To: Julian Assange "BoS: More on the UnixWare problem" (Sep 2, 12:21am)
References: <199609011421.AAA19562@suburbia.net>
X-Mailer: Z-Mail Lite (3.2.0 26may94)

On Sep 2, 12:21am, Julian Assange wrote:
>
> % cp /usr/bin/ksh .
> % chmod 2700 ./ksh
> % chgrp 23456 ./ksh
> % ./ksh
> > id
>
> And 'id' reports effective group ID of 23456. Oh, s**t. Watch out,
> /dev/kmem. How about mode 775 directories? What, you say /usr/bin comes
> that way by default, group 'bin'? Someone get me a bottle of Advil. Oh,
> it's a high-security system? Make that a double--of codeine.

strange.. this is not how it happens on my systems. (all Unixware 2.0.3)
(I will show the state of the file after every command)

% cp /usr/bin/ksh .
-r-xr-xr-x 1 jcollins staff 135632 Sep 1 12:18 ksh
% chmod 2700 ./ksh
UX:chmod: WARNING: chmod() failed on ./ksh: Invalid argument
% chmod 2750 ./ksh
-rwxr-s--- 1 jcollins staff 135632 Sep 1 12:18 ./ksh
% chgrp 23456 ./ksh
-rwxr-x--- 1 jcollins 23456 135632 Sep 1 12:18 ./ksh
% ./ksh
$ id
uid=171(jcollins) gid=104(staff)

If I am missing something please let me know.. but according to what I did
above the bug does not exist.

-justin m. collins

----------------------------------------------------------------------------
Justin M. Collins
Senior Systems/Network Administrator
ServiceTech, Inc.
jcollins@servtech.com
v:(716)263-3360 f:(716)423-1596
"Time has little to do with infinity and jelly donuts."
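
Added example, not part of the original message or of either poster's code: the two sessions above disagree on whether the setgid bit survives a chgrp to a group the owner is not in, so this Python audit looks for the artifact the reported behaviour would leave behind, a setgid executable owned by a non-root user who is not a member of the file's group. The function names and the choice to skip root-owned files are assumptions of this sketch; the sample records are constructed from the ids shown in the sessions.

```python
import grp
import os
import pwd
import stat

def groups_of(uid):
    """Return every gid the account belongs to (primary plus supplementary)."""
    try:
        pw = pwd.getpwuid(uid)
    except KeyError:          # owner has no passwd entry
        return set()
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem)
    return gids

def is_suspect(mode, uid, gid, owner_gids):
    """True for a setgid executable whose non-root owner is not in its group."""
    if not stat.S_ISREG(mode) or uid == 0:   # assumption: root-owned files are reviewed separately
        return False
    setgid_exec = bool(mode & stat.S_ISGID) and bool(mode & 0o111)
    return setgid_exec and gid not in owner_gids

def audit(root):
    """Walk root and return (path, uid, gid, octal mode) for each suspect file."""
    findings, cache = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if st.st_uid not in cache:
                cache[st.st_uid] = groups_of(st.st_uid)
            if is_suspect(st.st_mode, st.st_uid, st.st_gid, cache[st.st_uid]):
                findings.append((path, st.st_uid, st.st_gid,
                                 oct(stat.S_IMODE(st.st_mode))))
    return findings

# Constructed records: uid 171 (jcollins), own gid 104 (staff), target gid 23456.
SAMPLES = {
    "setgid kept after chgrp": (0o102700, 171, 23456, {104}),
    "setgid cleared by chgrp": (0o100750, 171, 23456, {104}),
    "setgid to own group":     (0o102750, 171, 104, {104}),
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, "->", is_suspect(*rec))
```

Run `audit("/home")` (or any user-writable tree) as root so every file can be examined; a finding means either the chgrp behaviour in the quoted report or a later change in group membership, and both are worth a look.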