Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site bu-cs.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!bu-cs!root
From: root@bu-cs.UUCP (Barry Shein)
Newsgroups: net.bugs.uucp
Subject: Re: Read permission on /etc/phones
Message-ID: <464@bu-cs.UUCP>
Date: Thu, 4-Jul-85 17:58:57 EDT
Article-I.D.: bu-cs.464
Posted: Thu Jul  4 17:58:57 1985
Date-Received: Sat, 6-Jul-85 09:52:17 EDT
References: <472@qantel.UUCP> <170@motel6.UUCP> <>, <154@telesoft.UUCP>
Organization: Boston Univ Comp. Sci.
Lines: 53
Keywords: tip, uucp, LCK

>From: pilotti@telesoft.UUCP (Keith Pilotti @shine)
>Newsgroups: net.bugs.uucp
>Subject: Re: Read permission on /etc/phones
>Keywords: tip, uucp, LCK
>Summary: 4.2BSD `tip' "breaks" UUCP security

>
>    Another problem this causes involves /usr/spool/uucp security and LCK
>    files.
>
>    It is desirable to have /usr/spool/uucp NOT WRITABLE by the world, as
>    this leaves a hole for (admittedly clever) vandalism. 
>
>    However, with the 4.2BSD version of `tip', this causes the LCK files to
>    be left around after `tip' exits, preventing use of the port until
>    manual intervention by a "privileged user". 
>
>    `tip' creates the LCK file while SUID, and no longer has write
>    permission in /usr/spool/uucp once it changes the UID.  The LCK
>    file therefore remains. 
>
>**  For binary sites the only "solution" seems to be to leave this
>**  directory writable.  Yuck.
>
>    /+\ Keith

Not completely true: Write a little program, call it tip.c with the
following flow:

	1. set up whatever signals make you comfortable
	2. exec the 'real' tip, passing it's argv down
	3. wait for completion
	4. remove the LCK file and exit

Move the 'real' tip somewhere else (/usr/lib/tip comes to mind) and
code that into your program

#define TIP "/usr/lib/tip"

compile and put this thing into where tip used to be (/usr/ucb/tip
probably) and make *it* setuid (probably to uucp.) When tip exits this
parent will have the priv to remove the offending LCK file.

You could probably do it with a sh program, give or take various
warnings on the net about setuid sh programs and how much that concerns
you.

I haven't done this but I have done things like it and it should solve
your problems (and problems like it.) Although I vastly prefer the
sources there are some standard tricks like this in UNIX to do
workarounds easily.

	-Barry Shein, Boston University