Re: static user IDs

Brian May 20 Sep 1999 06:12:06 -0000

In article <[EMAIL PROTECTED]> you write:
>My understanding was that static IDs were for packages that did include the
>code to support dynamic IDs. There is no really reason at all for a package to
>have a static ID.


Wrong! Lets demonstrate by counter example:

[511] [snoopy:bam] ~ >ls -ld /usr/bin/*(^g:root:)
-rwxr-sr-x   1 root     mail       403776 Oct 16  1998 /usr/bin/elm*
-rwxr-sr-x   1 root     news        36068 Sep  7 08:21 /usr/bin/inews*
-rwxr-sr-x   1 root     mail        10108 Apr  8 21:59 /usr/bin/lockfile*
-rwxr-sr-x   1 root     mail        63564 Jul  1  1998 /usr/bin/mail*
-rwxr-xr-x   1 root     uucp       166252 Nov  7  1998 /usr/bin/minicom*
-rwxr-sr-x   1 root     mail         6652 Feb 28  1999 /usr/bin/mutt_dotlock*
-rwxr-sr-x   1 root     mail      1191788 Aug 11  1998 /usr/bin/pine*
-rwsr-sr-x   1 root     mail        59900 Apr  8 21:59 /usr/bin/procmail*
-rwxr-sr-x   1 root     news        18308 Sep  7 08:20 /usr/bin/rnews*
-rwxr-sr-x   1 root     tty          9996 Dec 12  1998 /usr/bin/wall*
-rwxr-sr-x   1 root     tty          9416 Dec 12  1998 /usr/bin/write*
[512] [snoopy:bam] ~ >ls -ld /usr/bin/*(^u:root:)
-rwsr-xr-x   1 man      root        76832 Jun  9 22:38 /usr/bin/man*
-rwsr-xr-x   1 man      root        62300 Jun  9 22:38 /usr/bin/mandb*
[504] [snoopy:bam] ~ >ls -ld /usr/sbin/*(^u:root:)
-rwsr-sr--   1 irc      root       224908 Oct 17  1998 /usr/sbin/ircd*
-r-xr-sr-x   1 postfix  postdrop    48244 Jul  1 13:45 /usr/sbin/postdrop*
[505] [snoopy:bam] ~ >ls -ld /usr/sbin/*(^g:root:)
-rwsr-xr--   1 root     news         7992 Sep  7 08:20 /usr/sbin/inndstart*
-rwxr-sr-x   1 root     kmem        82436 Jul 17  1998 /usr/sbin/lsof*
-r-xr-sr-x   1 postfix  postdrop    48244 Jul  1 13:45 /usr/sbin/postdrop*
-rwsr-xr--   1 root     dip        105884 Jun 19  1998 /usr/sbin/pppd*

(there maybe more instances of this occuring, I have just scratched
the surface.)

Yet, /usr, according to the filesystem standard is meant to be
sharable among different systems. If these IDs aren't statically
allocated, you might find that the above SUID and SGID programs
are SUID and SGID to the *wrong* uid or gid!!!

Is it really worth it?

Anyway, this is something to watch out for.

Somebody else suggested that other files (queue files? I can't check
until I send this) may need to be shared, too, but I can't confirm/deny
this.
-- 
Brian May <[EMAIL PROTECTED]>

pgpgF7v44YPOM.pgp
Description: PGP signature

Re: static user IDs

Reply via email to