From owner-freebsd-questions  Tue Mar 28  4:38: 6 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from avenger.alex-ua.com (nat.alex-ua.com [195.5.22.36])
	by hub.freebsd.org (Postfix) with ESMTP id 3520537BDC9
	for <freebsd-questions@FreeBSD.ORG>; Tue, 28 Mar 2000 04:37:58 -0800 (PST)
	(envelope-from qd@sea.com.ua)
Received: from qdamage.localdomain (sea1.alex-ua.com [195.5.27.118] (may be forged))
	by avenger.alex-ua.com (8.8.8/8.8.8) with ESMTP id PAA28549
	for <freebsd-questions@FreeBSD.ORG>; Tue, 28 Mar 2000 15:37:50 +0300 (EEST)
	(envelope-from qd@sea.com.ua)
Received: (from qd@localhost)
	by qdamage.localdomain (8.9.3/8.9.3) id PAA02607
	for freebsd-questions@FreeBSD.ORG; Tue, 28 Mar 2000 15:35:05 +0300 (EEST)
	(envelope-from qd)
Date: Tue, 28 Mar 2000 15:35:05 +0300
From: Valery Zamarayev <qd@sea.com.ua>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: strange behaviour of chown(due to my lameness probably)
Message-ID: <20000328153505.B2385@sea.com.ua>
Mail-Followup-To: freebsd-questions@FreeBSD.ORG
References: <Pine.GSO.4.10.10003272233520.13318-100000@sun33> <38E07D91.8D91BFB8@mail.ptd.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
In-Reply-To: <38E07D91.8D91BFB8@mail.ptd.net>
Organization: SEA Company
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, Mar 28, 2000 at 04:38:25AM -0500, Thomas M. Sommers wrote:
> Ariel Burbaickij wrote:
> > 
> >   Wait.even the files that are owned by user who intend to change its
> >   ownership?Effictively,giving ownership to someone other over?
> 
> Yes. Suppose I am evil and want to delete all of your files. Normally I
> could not do it, because you are careful and allow only yourself to
> write your files (the permissions are, for example: -rw-r--r--). But if
> I could give you ownership of a file, I could create a shell program
> with the line 'rm -r ~you/*', make it setuid and executable, and give
> you ownership of it. Then if I run it, it will run with your uid, and
> will happily delete all of your files.

Not quite right. In System V, users can chown theis files, and setuid bits
are removed from permissions during this.

In BSD, users are not allowed to chown their files at all for disk quotas.
Because otherwise a user could bypass disk quotas, 
by 'chown -R user my_large_directory'.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message