From owner-freebsd-hackers Sat Oct 16 2:29: 3 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (Postfix) with ESMTP id 4575B14D40 for ; Sat, 16 Oct 1999 02:29:01 -0700 (PDT) (envelope-from julian@whistle.com) Received: from current1.whiste.com (current1.whistle.com [207.76.205.22]) by alpo.whistle.com (8.9.1a/8.9.1) with ESMTP id CAA25018; Sat, 16 Oct 1999 02:25:40 -0700 (PDT) Date: Sat, 16 Oct 1999 02:25:39 -0700 (PDT) From: Julian Elischer To: Mike Nowlin Cc: Jos Backus , freebsd-hackers@FreeBSD.ORG Subject: Re: SUIDDIR problem In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 16 Oct 1999, Mike Nowlin wrote: > > > SUIDDIR will work for any user EXCEPT ROOT > > I did this because I felt it was a security hole to allow users to create > > files owned by root. > > (from memory it will also refuse to do files that have the execute bit set > > but I can't remember for sure) > > In a mildly drunken state, I respond..... :) > > Without looking, I'd imagine that if the chmod command of FTP will allow > you to do a "chmod 4755 file-I-just-uploaded" -- if you have the ability > to execute programs on the machine you uploaded to, this could be a major > problem..... Hence, I'd agree with your decision. Since the ftp daemon will create files without the x bits set, they will succeeed, and will immediatly be owned by the owner of the directory. The sender no-longer owns them and cannot set mode bits, whether or not the ftp daemon would allow it to. > > --mike > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message