Xref: utzoo comp.sources.d:2443 comp.unix.questions:8118
Path: utzoo!utgpu!water!watmath!clyde!att!alberta!obed!steve
From: obed!steve@alberta.UUCP (Stephen Samuel)
Newsgroups: comp.sources.d,comp.unix.questions
Subject: Re: compress and setting owner/group
Message-ID: <1439@pembina.UUCP>
Date: 11 Jul 88 06:46:00 GMT
References: <23718@teknowledge-vaxc.ARPA>
Organization: U. of Alberta: Biochemistry , Edmonton, AB
Lines: 20

From article <23718@teknowledge-vaxc.ARPA>, by mkhaw@teknowledge-vaxc.ARPA (Mike Khaw):
> the output file to match that of the input file. 4bsd's chown() allows
> only root to change the user; consequently on ultrix 2.2, the entire call
> .... Is compress safe to install as a setuid root program?

Generically, I'd say no, since, because compress can write to generic files,
it's a mistake to allow it to run setuid. Consider the following for a system
where /tmp and /etc are on the same filesystem:

    cd /tmp
    cp /etc/passwd ./pw
    vi pw:x
    compress pw
    ln /etc/pw ./pw
    compress -d pw.Z

result: One broken system...
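
The scenario in the post depends on a privileged process overwriting a file that has a second name in a directory the user controls. The following C code is an added example, not part of the original post and not taken from compress; it shows the checks a privileged tool would make on the opened descriptor before overwriting anything. The names open_for_overwrite and demo, and the scratch paths under /tmp, are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an existing file for overwrite: never follow a symlink, inspect the
 * opened descriptor (not the path), and truncate only after the checks pass.
 * Returns a file descriptor, or -1 with errno set. */
int open_for_overwrite(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_NOFOLLOW);    /* no O_TRUNC yet */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    if (!S_ISREG(st.st_mode)          /* regular files only */
        || st.st_nlink != 1           /* inode is reachable by another name */
        || st.st_uid != getuid()) {   /* must belong to the real (invoking) user */
        close(fd);
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario: a scratch file gains a second hard link, as in the post.
 * Returns 0 when the single-link file is accepted and the linked one refused. */
int demo(void)
{
    char dir[] = "/tmp/owdemoXXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/target", dir);
    snprintf(b, sizeof b, "%s/pw", dir);
    int fd = open(a, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data\n", 5) != 5) return -1;
    close(fd);
    int ok = open_for_overwrite(a);        /* one link: accepted */
    if (ok >= 0) close(ok);
    if (link(a, b) != 0) return -1;
    int refused = open_for_overwrite(b);   /* two links: refused */
    if (refused >= 0) close(refused);
    unlink(b); unlink(a); rmdir(dir);
    return (ok >= 0 && refused < 0) ? 0 : 1;
}

int main(void) { return demo(); }
```

In a setuid program getuid() still returns the invoking user's id, so the ownership test alone already rejects a root-owned file such as the one in the post.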