Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site umcp-cs.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxj!ihnp4!zehntel!hplabs!hao!seismo!umcp-cs!chris From: chris@umcp-cs.UUCP (Chris Torek) Newsgroups: net.bugs.4bsd Subject: Re: SECURITY HOLE in tftpd Message-ID: <48@umcp-cs.UUCP> Date: Fri, 21-Sep-84 10:20:07 EDT Article-I.D.: umcp-cs.48 Posted: Fri Sep 21 10:20:07 1984 Date-Received: Wed, 26-Sep-84 04:16:52 EDT References: <442@unmvax.UUCP> Distribution: net Organization: U of Maryland, Computer Science Dept., College Park, MD Lines: 27 Perhaps the solution to ``who is the user with no permissions'' is to claim that every system should have a login and group name of ``guest'' (not necessarily one that can be used to log in). That is, /etc/passwd might have . . . guest:*:99:99:Guest account:/tmp:/bin/notashell . . . and /etc/group would then have guest:*:99: in it. Then any setuid program that must have no special permissions can use getpwnam and/or getgrnam to set its user and group IDs. Then again, perhaps that's not the solution. (Do I need this? :-)) -- (This page accidently left blank.) In-Real-Life: Chris Torek, Univ of MD Comp Sci (301) 454-7690 UUCP: {seismo,allegra,brl-bmd}!umcp-cs!chris CSNet: chris@umcp-cs ARPA: chris@maryland