[11294] in bugtraq
Re: user flags in public temp space (was Re: chflags() [heads up])
daemon@ATHENA.MIT.EDU (Andrew Brown)
Fri Aug 6 20:37:50 1999
Message-Id: <19990805235551.A10056@noc.untraceable.net>
Date: Thu, 5 Aug 1999 23:55:52 -0400
Reply-To: Andrew Brown <atatat@atatdot.net>
From: Andrew Brown <atatat@ATATDOT.NET>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <199908050756.BAA10138@cvs.openbsd.org>; from Theo de Raadt on
Thu, Aug 05, 1999 at 01:56:47AM -0600

>> Possible long-term fixes we've theo-rized:
>
>A strange pun.
yes. :)

>> c) Make root automatically override user-set flags (possibly will
>> create other complications for user-land programs relying on root
>> passing over such files). This would be akin to Solaris 2.51 and 2.6's
>> ACLs.
>
>This should also probably be looked into a bit more, but currently I
>am leaning away from this being right. It's a rather large change to
>the way flags work. Do we also then make dump not honour user
>nodump.. oh, wait, dump is run by root.... no, that would not make
>sense, would it. So it becomes somewhat inconsistent. To some
>degree, securelevels are trying to make root more equal to users.

perhaps...it might be acceptable to allow root to unlink(2) files
in spite of user flags to the contrary at secure level 0? that *would*
work around the immediate problem.

usually root is the only one running stuff at that level anyway,
right?

fwiw - imho, solaris acls are almost useless. four out of five times
i'd tried to accomplish anything with them, it hasn't worked anyway.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."