Subject: Re: Library permissions and security
To: Stephen J. Roznowski <>
From: Chris G. Demetriou <cgd@postgres.Berkeley.EDU>
List: current-users
Date: 03/27/1994 19:39:36
> A while ago, there was a discussion about gaining root access via suid
> programs through exploiting*. Well, since the libraries
> are installed with owner bin (group bin), it appears that if you are
> able to become bin on a system, gaining root is trivial.

if you are able to gain user 'bin', you can do damn near anything
you want.  have you looked at the ownership of /bin/sh lately?