Date: Wed, 17 Mar 1999 10:58:16 -0400 (AST) From: Michael Richards <026809r@dragon.acadiau.ca> To: Jon Hamilton <hamilton@pobox.com> Cc: Ladavac Marino <mladavac@metropolitan.at>, "'Dmitry Valdov'" <dv@dv.ru>, freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: disk quota overriding Message-ID: <Pine.GSO.4.05.9903171056310.10835-100000@dragon> In-Reply-To: <19990317144148.12DFF62@woodstock.monkey.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 17 Mar 1999, Jon Hamilton wrote: > } touch big_file > } chmod 777 big_file > } chown root:wheel big_file > } cat /dev/zero >>big_file > } This joke used to work on HPUX 10.something which kept the > } owner-may-chown semantics even in presence of quotas. It was not funny. > } (I don't know whether HP has fixed that). > > Under HP-UX 9.x, the behavior you describe was the default, and it > was changable by altering a kernel config parameter and relinking the > kernel. The same tunable is available under 10.x, but I'm less certain > what the default behavior is there. Whether quotas are enabled or not > does not affect the behavior, only the kernel tunable parameter. We all know that there are oodles of security problems associated with file giveaways. As I recall, all the texts I have ever read on the subject say that unless there is a very good reason to allow giveaways, they should be disabled. -Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.05.9903171056310.10835-100000>