From: jb
To: freebsd-current@freebsd.org
Date: Wed, 29 Feb 2012 16:18:45 +0000 (UTC)
Subject: Re: negative group permissions?

Ian Lepore damnhippie.dyndns.org> writes:

> ...
> It's not a
> directory or executable file in the first place, so making it executable
> for everyone except the owner and group is not some sort of subtle
> security trick, it's just meaningless.
> ...

Is it meaningless?

Example:

# cat /var/spool/output/lpd/.seq
#! /usr/local/bin/bash
touch /tmp/jb-test-`echo $$`
# ls -al /var/spool/output/lpd/.seq
-rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq
# /var/spool/output/lpd/.seq
#
# ls /tmp/jb*
/tmp/jb-test-61789
# chmod 0640 /var/spool/output/lpd/.seq
# ls -al /var/spool/output/lpd/.seq
-rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq
# /var/spool/output/lpd/.seq
su: /var/spool/output/lpd/.seq: Permission denied
#

jb
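The two outcomes in the session above, as an added example that is not part of the original message: a simplified Python model of the traditional Unix mode-bit check for a regular file, showing why root can run the file at mode 0641 but not at 0640, and who else the lone "other" execute bit applies to. ACLs, MAC policies and mount options are ignored, and the uid/gid numbers are constructed sample values.

```python
import stat

R, W, X = 4, 2, 1  # requested-access bits, laid out like one octal mode digit
ANY_X = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def class_bits(mode, file_uid, file_gid, uid, gids):
    """Return the rwx bits of the single class that applies to the caller.

    Classes are tried in the order owner, group, other and the first match
    wins, so a group member never falls through to the "other" bits.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def may_access(mode, file_uid, file_gid, uid, gids, want):
    """Model the classic permission check for a regular file."""
    if uid == 0:
        # Superuser: read and write always pass, but execute is granted
        # only when at least one x bit is set somewhere in the mode.
        if (want & X) and not (mode & ANY_X):
            return False
        return True
    granted = class_bits(mode, file_uid, file_gid, uid, gids)
    return (granted & want) == want


def other_exceeds_group(mode):
    """True when "other" holds a bit the group class lacks (as in 0641)."""
    return bool((mode & 7) & ~((mode >> 3) & 7))


if __name__ == "__main__":
    # Constructed ids: file owned by uid 0, gid 1 (standing in for root:daemon).
    callers = {"root": (0, {0}), "group member": (1001, {1}),
               "outsider": (1002, {1002})}
    for mode in (0o641, 0o640):
        for name, (uid, gids) in callers.items():
            ok = may_access(mode, 0, 1, uid, gids, X)
            print(f"{mode:04o} {name:13s} execute={'yes' if ok else 'no'}")
        print(f"{mode:04o} other exceeds group: {other_exceeds_group(mode)}")
```
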