Date: Tue, 28 Mar 2000 16:30:56 +0200 (MET DST)
From: Ariel Burbaickij
To: "Thomas M. Sommers"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: strange behaviour of chown(due to my lameness almost sure :))
In-Reply-To: <38E07D91.8D91BFB8@mail.ptd.net>

On Tue, 28 Mar 2000, Thomas M. Sommers wrote:

> Ariel Burbaickij wrote:
> >
> > Wait. Even the files that are owned by the user who intends to change their
> > ownership? Effectively, giving ownership over to someone else?
>
> Yes. Suppose I am evil and want to delete all of your files. Normally I
> could not do it, because you are careful and allow only yourself to
> write your files (the permissions are, for example: -rw-r--r--). But if
> I could give you ownership of a file, I could create a shell program
> with the line 'rm -r ~you/*', make it setuid and executable, and give
> you ownership of it. Then if I run it, it will run with your uid, and
> will happily delete all of your files.
>
> To prevent this and similar security breaches, only root can change file
> ownership.

Have read man chown meanwhile. It is obvious as described by you.
Almost any utility/program/routine can be misused, as we have seen, and
presents a double-edged sword, though.

So from my lame point of view the following situation is also possible:
Two users want to share some files in a rather unrestricted manner.
Unfortunately, they are not in the same group for whatever reasons, so as far
as I can see (not very far indeed) they will have 2 possibilities:
holding the permission bits set to 777 (not very wise imho) or having chown
work for them.

As to the dangers, the following could be feasible:
maintaining 2 files in every user's home directory, .chown_accept and
.chown_deny, with an initial setting of .chown_deny: Deny ALL files from ALL
ANY size (in case someone just wants to overrun quotas) and the possibility to
make the policy less restrictive. UNIX is not a Bell-LaPadula system, so there
is no need to pretend it is.

kind regards,
Ariel
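
Added example, not part of the original message: a small C check of the rule discussed in this thread, asking the system whether file give-away is restricted (POSIX `_PC_CHOWN_RESTRICTED`) and then confirming it by trying to hand a scratch file to another uid. The scratch path under /tmp and the uid 65534 are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* 1: only a privileged process may change the owner of files at `path`;
 * 0: the system lets owners give files away; -1: the query itself failed. */
int chown_is_restricted(const char *path)
{
    errno = 0;
    long v = pathconf(path, _PC_CHOWN_RESTRICTED);
    if (v == -1)
        return errno ? -1 : 0;  /* -1 with errno untouched: option not in effect */
    return 1;                   /* POSIX: any value other than -1 means restricted */
}

/* Create a scratch file we own and try to hand it to `victim`.
 * 1: kernel refused with EPERM; 0: give-away succeeded; -1: could not test. */
int try_giveaway(uid_t victim)
{
    char tmpl[] = "/tmp/giveawayXXXXXX";   /* constructed scratch path */
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    int rc = fchown(fd, victim, (gid_t)-1); /* change owner only, keep group */
    int err = errno;
    close(fd);
    unlink(tmpl);
    if (rc == 0)
        return 0;
    return err == EPERM ? 1 : -1;
}

int main(void)
{
    /* assumed target: any uid that is not our own */
    uid_t victim = (geteuid() == 65534) ? 65533 : 65534;
    printf("chown restricted on /tmp: %d\n", chown_is_restricted("/tmp"));
    printf("give-away refused:        %d (euid %ld)\n",
           try_giveaway(victim), (long)geteuid());
    return 0;
}
```

Run it as an ordinary user; as root the give-away is expected to succeed, since root is the one account allowed to change ownership.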