From: utzoo!decvax!cca!dan@Bbn-Unix@sri-unix Newsgroups: net.unix-wizards Title: Re: Chown: right or privilege Article-I.D.: sri-unix.2816 Posted: Sat Aug 21 05:12:18 1982 Received: Sun Aug 22 02:21:54 1982 From: Dan FranklinDate: 10 Aug 1982 23:27:56 EDT (Tuesday) Needless to say, chown must then be sure to turn off the setuid and setgid bits.... The only other security violation I am aware of is via the at program, which looks at the user and group names on its files to decide who the processes should be run as. Anyone can put a file in /usr/spool/at to be executed (or chown a file of their own that they've put there). A solution would be to change at to require that the setuid and setgid bits be set on the files it runs.