non-superuser chown(2)s considered harmful
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Mon Dec 10 12:29:48 AEST 1990
In article <18792 at rpp386.cactus.org> jfh at rpp386.cactus.org (John F Haugh II) writes:
> The result of making a system call "root-only" is that any application
> which might have a legitimate need to execute that function must be
> set-uid to root in order to perform that now privileged operation.
> For example, if all the unallocated TTY devices were owned by "uucp",
> all the applications which deal with TTY devices would only have to
> be set-UID to "uucp". Unfortunately, if you have an application that
> wants to change the ownership to the user, such as cu, you must now
> make cu set-UID to "root".
Exactly. This is why several people have been arguing for chown() to
work between current and effective uids. Does chown() have any other
reasonable use?
---Dan
More information about the Comp.unix.internals
mailing list