From: Ivan Voras
Date: Thu, 23 Jul 2009 20:11:33 +0200
To: perryh@pluto.rain.com
Cc: freebsd-hackers@freebsd.org
Subject: Re: SGID/SUID on scripts
Message-ID: <9bbcef730907231111s2ef20e76s5a19a6270b3b5f03@mail.gmail.com>
In-Reply-To: <4a68a02b.qjV+UOvOtUWLEPN1%perryh@pluto.rain.com>
List-Id: Technical Discussions relating to FreeBSD

2009/7/23 :
> Ivan Voras wrote:
>> Presumingly, the biggest concern is with scripts owned by root.
>> Who can unlink, move or change the script? The owner and his
>> group can change it; the directory owner can unlink it ...
>
> Anyone can make a link to such a script in, say, /tmp and then
> mess with the link :(

You mean setuid a soft link? That's allowed?

-- 
f+rEnSIBITAhITAhLR1nM9F4cIs5KJrhbcsVtUIt7K1MhWJy1A==