Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site harvard.ARPA
Path: utzoo!linus!philabs!cmcl2!seismo!harvard!sullivan
From: sullivan@harvard.ARPA (John M. Sullivan)
Newsgroups: net.micro.att
Subject: Re: S-bit set on UnixPC mv
Message-ID: <294@harvard.ARPA>
Date: Thu, 8-Aug-85 16:46:30 EDT
Article-I.D.: harvard.294
Posted: Thu Aug  8 16:46:30 1985
Date-Received: Sun, 11-Aug-85 06:59:13 EDT
References: <1284@cwruecmp.UUCP> <2511@sun.uucp> <1285@cwruecmp.UUCP>
Reply-To: sullivan@popvax.UUCP (John M. Sullivan)
Organization: Harvard University
Lines: 17


1. mv is setuid so that it can move directories.
2. It is not stupid, and won't let you do things you shouldn't be
	allowed to, probably because it does setuid(getuid()).
3. The version number 2.0 on Upc Unix has nothing to do with V7, SV,
	etc.  Last fall there were versions x1.?,...,x5.?, then 1.0 and
	finally the released version 2.0.  These numbers all refer to
	versions of the Unix PC system, and are all derived from
	System V with demand paging added by CT.
4. Any user can move files into or out of /etc (or /) because the
	directory is publically writable.
5. My favorite security hole is letting any user mount a floppy.

John Sullivan
-- 
John M. Sullivan
sullivan@harvard