Date: Tue, 28 Mar 2000 15:35:05 +0300 From: Valery Zamarayev <qd@sea.com.ua> To: freebsd-questions@FreeBSD.ORG Subject: Re: strange behaviour of chown(due to my lameness probably) Message-ID: <20000328153505.B2385@sea.com.ua> In-Reply-To: <38E07D91.8D91BFB8@mail.ptd.net> References: <Pine.GSO.4.10.10003272233520.13318-100000@sun33> <38E07D91.8D91BFB8@mail.ptd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 28, 2000 at 04:38:25AM -0500, Thomas M. Sommers wrote: > Ariel Burbaickij wrote: > > > > Wait.even the files that are owned by user who intend to change its > > ownership?Effictively,giving ownership to someone other over? > > Yes. Suppose I am evil and want to delete all of your files. Normally I > could not do it, because you are careful and allow only yourself to > write your files (the permissions are, for example: -rw-r--r--). But if > I could give you ownership of a file, I could create a shell program > with the line 'rm -r ~you/*', make it setuid and executable, and give > you ownership of it. Then if I run it, it will run with your uid, and > will happily delete all of your files. Not quite right. In System V, users can chown theis files, and setuid bits are removed from permissions during this. In BSD, users are not allowed to chown their files at all for disk quotas. Because otherwise a user could bypass disk quotas, by 'chown -R user my_large_directory'. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000328153505.B2385>