changing chown command

From: Christopher L. Barnard (cbar44_at_tsg.cbot.com)
Date: 10/12/05

  • Next message: FXCM - : "SUMMARY: graceful removeal of swap" 
    Date: Wed, 12 Oct 2005 15:16:14 -0500 (CDT)
To: sunmanagers@sunmanagers.org

    I've got a user asking me to disable _POSIX_CHOWN_RESTRICTED (add
    "set rstchown = 0" to /etc/system) on a Sun Solaris box. My understanding
    is that this changes chown's behavior a bit by letting any user chown a
    file that they own to someone else, stripping any suid bits in the process.

    My gut feeling is "no way". But I can't actually envision a case where
    this would really cause a problem on a shared development system. We do
    not use quotas, so there is no concern about a user deviously filling up
    the quota of someone he or she does not like by chowning a bunch of large
    files to them. Setuid is stripped, so I don't think that will be a
    concern. I can think of one obnoxious-but-not-security-critical behavior--
    Alice storing all her illicitly downloaded music on the server and then
    chown'ing them to Bob so it looks like they aren't hers.

    So my question is: can anyone envision a situation where this would create
    a real problem?

    +-----------------------------------------------------------------------+
    | Christopher L. Barnard O When I was a boy I was told that |
    | cbarnard@tsg.cbot.com / \ anybody could become president. |
    | (312) 347-4901 O---O Now I'm beginning to believe it. |
    | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
    +----------PGP public key available via finger or PGP keyserver---------+
    _______________________________________________
    sunmanagers mailing list
    sunmanagers@sunmanagers.org
    http://www.sunmanagers.org/mailman/listinfo/sunmanagers

  • Next message: FXCM - : "SUMMARY: graceful removeal of swap"