setuid programs
I'd like explanations for why I should not report the following sets
of permissions as bugs:
mh 6.8.3-2
(mh has no business messing with POP service support:)
-rws--x--x 1 root root 15023 Mar 1 1995 /usr/lib/mh/popwrd
-rwsr-xr-x 1 root root 21548 Mar 1 1995 /usr/lib/mh/spop
(these programs should be setgid mail if at all:)
-rwsr-xr-x 1 root root 41057 Mar 1 1995 /usr/bin/mh/inc
-rwsr-xr-x 1 root root 21196 Mar 1 1995 /usr/bin/mh/msgchk
lpr 5.9-6
(setgid lp *and* setuid root ?)
-rwsr-sr-x 1 root lp 16388 May 12 1995 /usr/bin/lpq
-rwsr-sr-x 1 root lp 16388 May 12 1995 /usr/bin/lpr
-rwsr-sr-x 1 root lp 16388 May 12 1995 /usr/bin/lprm
procmail ?
(setgid mail *and* setuid root ?)
-rwsr-sr-x 1 root mail 57348 May 12 1995 /usr/bin/procmail
netstd 1.24-1
(run out of inetd, why make it setgid?)
-rwxr-sr-x 1 root mail 16388 Nov 22 09:13 /usr/sbin/in.pop3d
various games:
(games should be setgid, not setuid, so that a bug in a game doesn't
compromise all its users:)
-rwsr-xr-x 1 games root 73728 Aug 28 20:20 /usr/games/xpat2
-rwsr-xr-x 1 games root 61444 Aug 29 18:31 /usr/games/mirrormagic
-rwsr-xr-x 1 games root 32768 Aug 28 20:19 /usr/games/xsok
Reply by personal email and I'll summarise to the list.
Ian.
Reply to: