Date: Sat, 16 Oct 1999 02:25:39 -0700 (PDT) From: Julian Elischer <julian@whistle.com> To: Mike Nowlin <mike@argos.org> Cc: Jos Backus <Jos.Backus@nl.origin-it.com>, freebsd-hackers@FreeBSD.ORG Subject: Re: SUIDDIR problem Message-ID: <Pine.BSF.4.10.9910160223460.19271-100000@current1.whistle.com> In-Reply-To: <Pine.LNX.4.05.9910160508230.25028-100000@jason.argos.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 16 Oct 1999, Mike Nowlin wrote: > > > SUIDDIR will work for any user EXCEPT ROOT > > I did this because I felt it was a security hole to allow users to create > > files owned by root. > > (from memory it will also refuse to do files that have the execute bit set > > but I can't remember for sure) > > In a mildly drunken state, I respond..... :) > > Without looking, I'd imagine that if the chmod command of FTP will allow > you to do a "chmod 4755 file-I-just-uploaded" -- if you have the ability > to execute programs on the machine you uploaded to, this could be a major > problem..... Hence, I'd agree with your decision. Since the ftp daemon will create files without the x bits set, they will succeeed, and will immediatly be owned by the owner of the directory. The sender no-longer owns them and cannot set mode bits, whether or not the ftp daemon would allow it to. > > --mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910160223460.19271-100000>