Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site harvard.ARPA Path: utzoo!linus!philabs!cmcl2!seismo!harvard!sullivan From: sullivan@harvard.ARPA (John M. Sullivan) Newsgroups: net.micro.att Subject: Re: S-bit set on UnixPC mv Message-ID: <294@harvard.ARPA> Date: Thu, 8-Aug-85 16:46:30 EDT Article-I.D.: harvard.294 Posted: Thu Aug 8 16:46:30 1985 Date-Received: Sun, 11-Aug-85 06:59:13 EDT References: <1284@cwruecmp.UUCP> <2511@sun.uucp> <1285@cwruecmp.UUCP> Reply-To: sullivan@popvax.UUCP (John M. Sullivan) Organization: Harvard University Lines: 17 1. mv is setuid so that it can move directories. 2. It is not stupid, and won't let you do things you shouldn't be allowed to, probably because it does setuid(getuid()). 3. The version number 2.0 on Upc Unix has nothing to do with V7, SV, etc. Last fall there were versions x1.?,...,x5.?, then 1.0 and finally the released version 2.0. These numbers all refer to versions of the Unix PC system, and are all derived from System V with demand paging added by CT. 4. Any user can move files into or out of /etc (or /) because the directory is publically writable. 5. My favorite security hole is letting any user mount a floppy. John Sullivan -- John M. Sullivan sullivan@harvard