Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!cbosgd!mandrill!hal!ncoast!allbery
From: allbery@ncoast.UUCP
Newsgroups: comp.unix.wizards
Subject: Re: Setting process groups
Message-ID: <6305@ncoast.UUCP>
Date: Mon, 30-Nov-87 22:21:01 EST
Article-I.D.: ncoast.6305
Posted: Mon Nov 30 22:21:01 1987
Date-Received: Fri, 4-Dec-87 01:21:26 EST
References: <1765@unc.cs.unc.edu> <910@mcgill-vision.UUCP> <1261@saturn.ucsc.edu>
Reply-To: allbery@ncoast.UUCP (Brandon Allbery)
Followup-To: comp.unix.wizards
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 19

As quoted from <1261@saturn.ucsc.edu> by haynes@ucscc.UCSC.EDU.ucsc.edu (99700000):
+---------------
| Incidentally, there's a security hole connected with setpgrp()
| in that the system doesn't check whether the pgrp number you
| proffer is already in use by somebody else.  So with a little
| cleverness you can attach to the pgrp of someone else's process
| and proceed to kill it.
+---------------

...which is why System V won't let you set the pgrp to anything other than
your pid.

Wonderful idea, by the way -- don't you get a warm glow from having posted
an easily-exploited security hole to the Net?  Please be more circumspect
next time.
-- 
Brandon S. Allbery		      necntc!ncoast!allbery@harvard.harvard.edu
 {hoptoad,harvard!necntc,cbosgd,sun!mandrill!hal,uunet!hnsurg3}!ncoast!allbery
			Moderator of comp.sources.misc