Bugtraq mailing list archives
Should any user be allowed to create group?
From: yip () acs ucalgary ca (Joseph Yip)
Date: Wed, 12 Oct 94 11:13:02 MDT
The mkgroup command on AIX 3.2.5 is a SUID program which is public executable. I have reported it to IBM as a security problem but they say that it is working as designed. Since I don't have access to UNIX based systems other than AIX, I wonder if someone could tell me whether other UNIX vendors allow any user on the system to create and manage groups. One implication I can think of is that any user can gain access to files and directories that belong to an unassigned GID. Thanks in advance! -- Joseph Yip University Computing Services (403) 220-6218
Current thread:
- IRC problems & other fun? That Whispering Wolf... (Oct 11)
- Re: IRC problems & other fun? Lawrence C Mc Abee (Oct 11)
- Re: IRC problems & other fun? Alexander L. Haiut (Oct 12)
- Should any user be allowed to create group? Joseph Yip (Oct 12)
- Re: IRC problems & other fun? matthew green (Oct 11)
- recieving adivsories Richard Ortal (Oct 12)
- <Possible follow-ups>
- Re: IRC problems & other fun? Panzer Boy (Oct 12)
- Re: IRC problems & other fun? Lawrence C Mc Abee (Oct 11)