Date: Tue, 28 Mar 2000 04:38:25 -0500 From: "Thomas M. Sommers" <tms2@mail.ptd.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: strange behaviour of chown(due to my lameness probably) Message-ID: <38E07D91.8D91BFB8@mail.ptd.net> References: <Pine.GSO.4.10.10003272233520.13318-100000@sun33>
next in thread | previous in thread | raw e-mail | index | archive | help
Ariel Burbaickij wrote: > > Wait.even the files that are owned by user who intend to change its > ownership?Effictively,giving ownership to someone other over? Yes. Suppose I am evil and want to delete all of your files. Normally I could not do it, because you are careful and allow only yourself to write your files (the permissions are, for example: -rw-r--r--). But if I could give you ownership of a file, I could create a shell program with the line 'rm -r ~you/*', make it setuid and executable, and give you ownership of it. Then if I run it, it will run with your uid, and will happily delete all of your files. To prevent this and similar security breaches, only root can change file ownership. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38E07D91.8D91BFB8>