From owner-freebsd-current Wed Mar 17 6:59:44 1999 Delivered-To: freebsd-current@freebsd.org Received: from relay.acadiau.ca (relay.acadiau.ca [131.162.2.90]) by hub.freebsd.org (Postfix) with ESMTP id 89AEC14D71; Wed, 17 Mar 1999 06:59:24 -0800 (PST) (envelope-from 026809r@dragon.acadiau.ca) Received: from dragon.acadiau.ca (dragon.acadiau.ca [131.162.1.79]) by relay.acadiau.ca (8.8.5/8.8.5) with ESMTP id KAA02991; Wed, 17 Mar 1999 10:58:21 -0400 (AST) Received: from localhost (026809r@localhost) by dragon.acadiau.ca (8.8.8+Sun/8.8.8) with ESMTP id KAA11028; Wed, 17 Mar 1999 10:58:16 -0400 (AST) Date: Wed, 17 Mar 1999 10:58:16 -0400 (AST) From: Michael Richards <026809r@dragon.acadiau.ca> X-Sender: 026809r@dragon To: Jon Hamilton Cc: Ladavac Marino , "'Dmitry Valdov'" , freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: disk quota overriding In-Reply-To: <19990317144148.12DFF62@woodstock.monkey.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 17 Mar 1999, Jon Hamilton wrote: > } touch big_file > } chmod 777 big_file > } chown root:wheel big_file > } cat /dev/zero >>big_file > } This joke used to work on HPUX 10.something which kept the > } owner-may-chown semantics even in presence of quotas. It was not funny. > } (I don't know whether HP has fixed that). > > Under HP-UX 9.x, the behavior you describe was the default, and it > was changable by altering a kernel config parameter and relinking the > kernel. The same tunable is available under 10.x, but I'm less certain > what the default behavior is there. Whether quotas are enabled or not > does not affect the behavior, only the kernel tunable parameter. We all know that there are oodles of security problems associated with file giveaways. As I recall, all the texts I have ever read on the subject say that unless there is a very good reason to allow giveaways, they should be disabled. -Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message