Conferences

• IFIP International Symposium on Human Aspects of Information Security & Assurance (HAISA 2021); papers due April 26, 2021
• New Security Paradigms Workshop (NSPW 2021); papers due May 21, 2021

---

My Links

• My Home Page
• Books
• Classes
• Papers
• Reports and Notes
• Research
• Security in Programming
• Service
• Students
• Talks
• Miscellaneous
• My Family
• About Me (CV and such)

---

Other Links

• Cybersecurity Club
• Computer Security Lab
• Dept. of Computer Science
• College of Engineering
• University of California, Davis
• City of Davis
• County of Yolo
• State of California
• United States of America

---

Me

• This Quarter’s Classes
• Office Hours for This Quarter
• Contacting Me
• My Personal Blog
  (Last Entry September 4, 2020; “Don’t Vote Twice”)

---

Current Time in Davis, CA, USA

How To Write a Setuid Program

Citation

• M. Bishop, “How To Write a Setuid Program,” Technical Report 87.18, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (May 1985).

Paper

• PDF
• PS

Abstract

Setuid programs can pose a grave threat to UNIX systems because they explicitly violate the protection scheme designed into UNIX. However, setuid programs are often the only practical solution to problems of maintaining a fully functioning UNIX system. Because of this paradox, they are among the most difficult programs to write. This paper lists and discusses some simple rules for writing setuid programs that will decrease an attacker's ability to use such a program to compromise a UNIX system.

---

Last updated on Thursday, April 15, 2021 11:21:00 PM PDT