From owner-freebsd-questions Tue Mar 28 1:39: 6 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mail.ptd.net (mail2.ha-net.ptd.net [207.44.96.66]) by hub.freebsd.org (Postfix) with SMTP id 3DCD537BE6E for ; Tue, 28 Mar 2000 01:39:03 -0800 (PST) (envelope-from tms2@mail.ptd.net) Received: (qmail 14387 invoked from network); 28 Mar 2000 09:39:16 -0000 Received: from du05.cli.ptd.net (HELO mail.ptd.net) (204.186.33.5) by mail.ptd.net with SMTP; 28 Mar 2000 09:39:16 -0000 Message-ID: <38E07D91.8D91BFB8@mail.ptd.net> Date: Tue, 28 Mar 2000 04:38:25 -0500 From: "Thomas M. Sommers" X-Mailer: Mozilla 4.51 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.ORG Subject: Re: strange behaviour of chown(due to my lameness probably) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Ariel Burbaickij wrote: > > Wait.even the files that are owned by user who intend to change its > ownership?Effictively,giving ownership to someone other over? Yes. Suppose I am evil and want to delete all of your files. Normally I could not do it, because you are careful and allow only yourself to write your files (the permissions are, for example: -rw-r--r--). But if I could give you ownership of a file, I could create a shell program with the line 'rm -r ~you/*', make it setuid and executable, and give you ownership of it. Then if I run it, it will run with your uid, and will happily delete all of your files. To prevent this and similar security breaches, only root can change file ownership. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message