From owner-freebsd-hackers  Sun Nov  9 15:13:15 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id PAA13129
          for hackers-outgoing; Sun, 9 Nov 1997 15:13:15 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from implode.root.com (implode.root.com [198.145.90.17])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id PAA13118
          for <hackers@FreeBSD.ORG>; Sun, 9 Nov 1997 15:13:09 -0800 (PST)
          (envelope-from root@implode.root.com)
Received: from implode.root.com (localhost [127.0.0.1])
	by implode.root.com (8.8.5/8.8.5) with ESMTP id PAA27471;
	Sun, 9 Nov 1997 15:15:10 -0800 (PST)
Message-Id: <199711092315.PAA27471@implode.root.com>
To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
cc: hackers@FreeBSD.ORG
Subject: Re: How useful is this patch? 
In-reply-to: Your message of "Sun, 09 Nov 1997 16:24:21 +0100."
             <19971109162421.IH64390@uriah.heep.sax.de> 
From: David Greenman <dg@root.com>
Reply-To: dg@root.com
Date: Sun, 09 Nov 1997 15:15:10 -0800
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>As Julian Elischer wrote:
>
>> if a mount option is specified, then setting the SUID bit
>> on a directory specifies similar inheritance with UIDS as we 
>> presently have with GIDs.
>
>As long as it's a mount option (defaulting to off), i think i could
>live with it.
>
>> The SUID bits are hereditary to child directories, and
>> a file 'given away' in this manner 
>>   1/ cannot be give n to root (would defeat quotas)
>>   2/ has the execute bits stripped off (and suid)
>
>Problem: you can cause someone else a DoS attack by maliciously
>filling his home directory.
>
>(I didn't review the patch itself, so i explicitly don't comment on
>stylistic etc. bugs.  Make sure the style adhers to the requirements
>of style(9).)

   You could also create a .rhosts file, allowing anyone to log in as the
user. You could also create a variety of other files like .tcshrc if it
didn't already exist and the user's shell was tcsh (and similar other login
scripts with other shells), or various X resource files if the user might
start X apps. The list goes on and on. I think it sounds like a major
security hole for just about anyone who enables it.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project