USENIX Association Proceedings of the

  title={USENIX Association Proceedings of the},
  author={Hao Chen and David Wagner and Drew Dean},
Access control in Unix systems is mainly based on user IDs, yet the system calls that modify user IDs ( uid-setting system calls ), such assetuid, are poorly designed, insufficiently documented, and widely misunderstood and misused. This has caused many security vulnerabilities in application programs. We propose to make progress on the setuid mystery… CONTINUE READING