From owner-freebsd-hackers  Sun Nov  9 14:03:19 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA08207
          for hackers-outgoing; Sun, 9 Nov 1997 14:03:19 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA08200
          for <hackers@FreeBSD.ORG>; Sun, 9 Nov 1997 14:03:15 -0800 (PST)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id OAA11903; Sun, 9 Nov 1997 14:02:43 -0800 (PST)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma011901; Sun Nov  9 14:02:20 1997
Received: (from archie@localhost) by bubba.whistle.com (8.8.5/8.6.12) id OAA00530; Sun, 9 Nov 1997 14:02:20 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199711092202.OAA00530@bubba.whistle.com>
Subject: Re: How useful is this patch?
In-Reply-To: <19971109162421.IH64390@uriah.heep.sax.de> from J Wunsch at "Nov 9, 97 04:24:21 pm"
To: joerg_wunsch@uriah.heep.sax.de
Date: Sun, 9 Nov 1997 14:02:20 -0800 (PST)
Cc: hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL31 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


J Wunsch writes:
> As Julian Elischer wrote:
> 
> > if a mount option is specified, then setting the SUID bit
> > on a directory specifies similar inheritance with UIDS as we 
> > presently have with GIDs.
> 
> As long as it's a mount option (defaulting to off), i think i could
> live with it.
> 
> > The SUID bits are hereditary to child directories, and
> > a file 'given away' in this manner 
> >   1/ cannot be give n to root (would defeat quotas)
> >   2/ has the execute bits stripped off (and suid)
> 
> Problem: you can cause someone else a DoS attack by maliciously
> filling his home directory.

This attack would require that you have given the other user write
permission to your home directory, at least.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com