non-superuser chown(2)s considered harmful
Neil Rickert
rickert at mp.cs.niu.edu
Fri Dec 7 14:23:40 AEST 1990
In article <109958 at convex.convex.com> tchrist at convex.COM (Tom Christiansen) writes:
>I consider non-superuser chown(2)s harmful. They screw up anyone who's
>trying to do post-facto disk accounting or pre-emptive disk quotas.
>
>It also ruffles my security feathers. Various programs realize that they
>shouldn't source config files owned by someone other than the current
>user, such as vi and the csh. If I make a /tmp/.exrc, and someone cd's to
I wonder whether 'sendmail' checks for this. If the system aliases
file contains :include:/path/name as an alias, when the alias is
expanded 'sendmail' uses the permissions of the owner of the :include:
file for aliases such as "|program". (permission of daemon for a root
owner). If SystemV versions of 'sendmail' don't change this, and allow
giving away files, then anyone given access to manage a mailing list has
almost carte-blanche to execute programs as other people.
--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <rickert at cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115. +1-815-753-6940
More information about the Comp.unix.internals
mailing list