From owner-freebsd-hackers@FreeBSD.ORG Thu Jul 23 17:49:27 2009 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DBBCE106567A; Thu, 23 Jul 2009 17:49:27 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (unknown [IPv6:2607:f678:1010::34]) by mx1.freebsd.org (Postfix) with ESMTP id B52B88FC1B; Thu, 23 Jul 2009 17:49:27 +0000 (UTC) (envelope-from perryh@pluto.rain.com) Received: from agora.rdrop.com (66@localhost [127.0.0.1]) by agora.rdrop.com (8.13.1/8.12.7) with ESMTP id n6NHnRGp071367 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 23 Jul 2009 10:49:27 -0700 (PDT) (envelope-from perryh@pluto.rain.com) Received: (from uucp@localhost) by agora.rdrop.com (8.13.1/8.12.9/Submit) with UUCP id n6NHnRBs071366; Thu, 23 Jul 2009 10:49:27 -0700 (PDT) Received: from fbsd61 by pluto.rain.com (4.1/SMI-4.1-pluto-M2060407) id AA02891; Thu, 23 Jul 09 10:41:43 PDT Date: Thu, 23 Jul 2009 10:38:51 -0700 From: perryh@pluto.rain.com To: ivoras@freebsd.org Message-Id: <4a68a02b.qjV+UOvOtUWLEPN1%perryh@pluto.rain.com> References: <19939654343.20090722214221@mail.ru> <4A6795E7.7020700@darkbsd.org> In-Reply-To: User-Agent: nail 11.25 7/29/05 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-hackers@freebsd.org Subject: Re: SGID/SUID on scripts X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Jul 2009 17:49:28 -0000 Ivan Voras wrote: > Presumingly, the biggest concern is with scripts owned by root. > Who can unlink, move or change the script? The owner and his > group can change it; the directory owner can unlink it ... Anyone can make a link to such a script in, say, /tmp and then mess with the link :(