This is very strange indeed:
We are 2 friends, who cooperate a lot on schoolwork etc., so we wanted to
have better access to each other's files. We have a group for ourselves,
and we both did this:
cp /usr/local/bin/bash ~/bin
chgrp src ~/bin/bash
chmod 4750 ~/bin/bash
After that, we both had a set-uid shell in our directories which only the
2 of us could run... So to try it out I ran bash from his bin-dir, and he
ran bash from my bin-dir... When I typed "id" I got this output:
uid=1401(me) gid=218(src) euid=1433(him)
So what could I do?
1. I could read all his files.
2. I could create new files (even if gid(src) hadn't write-access).
3. I could delete files.
And what couldn't I do?
1. I could not create directories.
2. I could not remove directories.
This I think is very strange, and another thing even more strange is that
he could create directories in my account when he ran the bash that
was setuid me... But after some days he couldn't make directories anymore...
Does anyone have a clue why I couldn't create directories on his account?