From: utzoo!decvax!cca!ima!johnl
Newsgroups: net.unix-wizards
Title: Set UID inquiry - (nf)
Article-I.D.: ima.286
Posted: Mon Feb  7 03:23:54 1983
Received: Tue Feb  8 03:06:22 1983

#N:ima:20400002:000:769
ima!johnl    Feb  6 17:12:00 1983

The following question has come up lately:

	A program with the "set-user-ID" bit on turns on SUID-ness (i.e.,
	it runs with the effective privileges of the program owner, not
	the invoker) but a program without SUID does not turn it off.
	This might be a bug, or it might be a feature.

I think it's right the way it is, and gives you flexibility you wouldn't
have otherwise.  Other people think it's a security hole.  Do any of you
out there know of programs that depend on the behavior one way or the
other?  Reply to me, I'll summarize if there's interest.

Thanks, as always, in advance.

John Levine, IECC, PO Box 349, Cambridge MA 02238; (617) 491-5451
decvax!yale-co!jrl, harpo!esquire!ima!johnl, ucbvax!cbosgd!ima!johnl
{research|alice|rabbit|amd70}!ima!johnl