non-superuser chown(2)s considered harmful
Melinda Shore
shore at mtxinu.COM
Wed Dec 12 18:03:54 AEST 1990
In article <1990Dec10.231812.23634 at gjetor.geac.COM> adeboer at gjetor.geac.COM (Anthony DeBoer) writes:
>Just for my $0.02 worth, if quotas are in effect, why not have a nightly
>daemon that goes through each user's directory and blows away anything he/she
>doesn't own?
Because it is Evil to mess with your users' data. Also, that's a sort
of post-problem fix; the issue is really whether or not it should be
allowable to give users files without giving them the option of rejecting
them at the time. Writing secure setuid programs is difficult but
possible, while non-root chown() takes away a user's control over his/
her own use of resources.
--
Hardware brevis, software longa
Melinda Shore shore at mtxinu.com
mt Xinu ..!uunet!mtxinu.com!shore
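
Added example, not part of the original post or thread: a report-only audit of the situation under discussion. It lists the inodes and blocks under one home directory that are charged to other owners, and checks whether the filesystem restricts chown() to privileged processes. The function names `chown_restricted` and `foreign_usage` are made up for this illustration, and nothing is deleted or changed.

```python
import os
import sys
from collections import defaultdict

def chown_restricted(path):
    """True if giving files away is restricted to privileged processes for
    `path` (POSIX _PC_CHOWN_RESTRICTED); None if the platform does not say."""
    try:
        return os.pathconf(path, "PC_CHOWN_RESTRICTED") != -1
    except (OSError, ValueError):
        return None

def foreign_usage(home, owner_uid):
    """Map uid -> [inodes, 512-byte blocks] for everything under `home`
    whose owner is not `owner_uid`. Report-only: nothing is modified."""
    usage = defaultdict(lambda: [0, 0])
    seen = set()  # (device, inode) pairs, so hard links count once
    for dirpath, dirnames, filenames in os.walk(home):
        for name in dirnames + filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # vanished or unreadable; skip it
            key = (st.st_dev, st.st_ino)
            if st.st_uid == owner_uid or key in seen:
                continue
            seen.add(key)
            usage[st.st_uid][0] += 1
            usage[st.st_uid][1] += st.st_blocks
    return dict(usage)

if __name__ == "__main__":
    # Usage: script.py <home directory> <numeric uid of its owner>
    home, uid = sys.argv[1], int(sys.argv[2])
    print("chown restricted:", chown_restricted(home))
    for other, (inodes, blocks) in sorted(foreign_usage(home, uid).items()):
        print(f"uid {other}: {inodes} inodes, {blocks} blocks")
```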