Date: Tue, 28 Mar 2000 16:30:56 +0200 (MET DST)
From: Ariel Burbaickij <Ariel.Burbaickij@mni.fh-giessen.de>
To: "Thomas M. Sommers" <tms2@mail.ptd.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: strange behaviour of chown (due to my lameness almost sure :))
Message-ID: <Pine.GSO.4.10.10003281620320.820-100000@sun18>
In-Reply-To: <38E07D91.8D91BFB8@mail.ptd.net>
On Tue, 28 Mar 2000, Thomas M. Sommers wrote:

> Ariel Burbaickij wrote:
> >
> > Wait. Even the files that are owned by the user who intends to change their
> > ownership? Effectively, giving ownership over to someone else?
>
> Yes. Suppose I am evil and want to delete all of your files. Normally I
> could not do it, because you are careful and allow only yourself to
> write your files (the permissions are, for example: -rw-r--r--). But if
> I could give you ownership of a file, I could create a shell program
> with the line 'rm -r ~you/*', make it setuid and executable, and give
> you ownership of it. Then if I run it, it will run with your uid, and
> will happily delete all of your files.
>
> To prevent this and similar security breaches, only root can change file
> ownership.

Have read man chown meanwhile. It is obvious, as described by you. Almost any utility/program/routine can be misused, as we have seen, and presents a double-edged sword, though. So from my lame point of view the following situation is also possible: two users want to share some files in a rather unrestricted manner. Unfortunately, they are not in the same group, for whatever reasons, so as far as I can see (not very far indeed) they will have 2 possibilities: holding the permission bits set to 777 (not very wise IMHO), or having chown work for them. As to the dangers, the following could be feasible: maintaining 2 files in every user's home directory, .chown_accept and .chown_deny, with an initial setting of .chown_deny: deny ALL files from ALL of ANY size (in case someone just wants to overrun quotas), and the possibility to make the policy less restrictive. UNIX is not a Bell-LaPadula system, so there is no need to pretend it is.

kind regards,
Ariel

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
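The safeguard Thomas describes can be checked directly rather than taken on faith. The probe below is an added example and is not part of the original thread: it creates a throw-away file, asks the kernel to give it to another uid, and reports whether the request was refused and whether a set-uid bit survives an ownership change. The file name and the harmless stand-in for the 'rm -r ~you/*' script are constructed for the example; nothing outside a private temporary directory is touched.

```python
"""Probe the chown(2) safeguards discussed in the thread.

Added example, not from the original message.  Works on a private
temporary directory only.  Assumes a POSIX system where os.chown and
os.stat are available (FreeBSD, Linux, macOS).
"""
import errno
import os
import stat
import tempfile

# What an unprivileged caller should get back from chown(2) when trying
# to give a file away.
EXPECTED_REFUSAL = errno.EPERM


def try_give_away(path: str, new_uid: int):
    """Try to transfer ownership of path to new_uid.

    Returns (True, None) if the kernel allowed it, or (False, errno) if it
    refused.  On a stock FreeBSD/Linux box an unprivileged caller gets
    EPERM: only root may give a file away, which is exactly the point of
    the reply above.  Systems with unrestricted chown (old System V style)
    or a caller holding CAP_CHOWN would return (True, None) instead.
    """
    try:
        os.chown(path, new_uid, -1)          # -1 leaves the group unchanged
        return True, None
    except OSError as e:                     # EPERM for non-root; EINVAL if uid unmapped
        return False, e.errno


def setuid_bits_after_chown(path: str, new_uid: int):
    """Mark path set-uid + executable, chown it, and report what survived.

    Returns the set-uid/set-gid bits still present after the chown, or
    None if the chown itself was refused.  Kernels clear these bits on an
    ownership change so that a gift-wrapped script cannot run as its new
    owner; whether they are cleared for a root caller too is
    platform-specific, so this probes rather than assumes.
    """
    os.chmod(path, 0o4755)                   # -rwsr-xr-x
    ok, _ = try_give_away(path, new_uid)
    if not ok:
        return None
    return stat.S_IMODE(os.stat(path).st_mode) & (stat.S_ISUID | stat.S_ISGID)


def pick_target_uid() -> int:
    """Choose a uid that is not ours: root if we are unprivileged, else
    'someone else' (hypothetical uid; only used on a temp file)."""
    return 0 if os.geteuid() != 0 else os.geteuid() + 1


def probe(new_uid: int) -> dict:
    """Run both checks on a throw-away file and return a summary dict."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "gift.sh")
        with open(path, "w") as f:
            # Constructed, harmless stand-in for the malicious script.
            f.write("#!/bin/sh\necho 'would run with the new owner\\'s uid'\n")
        allowed, err = try_give_away(path, new_uid)
        return {
            "caller_is_root": os.geteuid() == 0,
            "chown_allowed": allowed,
            "errno": err,
            "setuid_bits_left": setuid_bits_after_chown(path, new_uid),
        }


if __name__ == "__main__":
    print(probe(pick_target_uid()))
```

Run as an ordinary user it reports chown_allowed False with errno EPERM and never gets as far as testing the set-uid bit, which is the refusal Thomas is describing. Run as root the chown goes through and setuid_bits_left shows whether the kernel stripped the bit on the way; Linux does so even for root, while other systems document clearing it only for unprivileged callers, so read the value as a fact about the box in front of you rather than a guarantee.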
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.10.10003281620320.820-100000>