Xref: utzoo comp.sys.att:3776 comp.unix.questions:8224 comp.unix.wizards:9907 Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!amdahl!pacbell!ptsfa!jmc From: jmc@ptsfa.PacBell.COM (Jerry Carlin) Newsgroups: comp.sys.att,comp.unix.questions,comp.unix.wizards Subject: Re: Setuid on expreserve and exrecover Keywords: setuid, vi, expreserve, exrecover Message-ID: <4410@ptsfa.PacBell.COM> Date: 14 Jul 88 15:08:20 GMT References: <794@pttesac.UUCP> Reply-To: jmc@ptsfa.PacBell.COM (Jerry Carlin) Organization: Pacific * Bell, San Ramon, CA Lines: 13 In article <794@pttesac.UUCP> robert@pttesac.UUCP (Robert Rodriguez) writes: >Does anyone know the reason for /usr/lib/ex*preserve being >set-user-id bin or root ? Needed on BSD but not on System V due to chown() requiring root privileges. Do us all a favor and if you are a V. system chmod 555 ex*preserve and chmod 777 /usr/preserve. ex*preserve has a well-known security problem. If any vendor is still delivering systems with ex*preserve setuid they should be shot at sunrise. -- Jerry Carlin (415) 823-2441 {bellcore,sun,ames,pyramid}!pacbell!jmc To dream the impossible dream. To fight the unbeatable foe.