[182] in bugtraq
Re: chown, quotas and security
daemon@ATHENA.MIT.EDU (Neil Woods)
Sat Nov 5 22:20:40 1994
From: Neil Woods <neil@legless.demon.co.uk>
To: Tim Newsham <newsham@zang.kcc.hawaii.edu>
Date: Sun, 6 Nov 1994 03:29:21 +0100 (GMT+0100)
Cc: bugtraq@fc.net
In-Reply-To: <9411060207.AA15483@zang.kcc.hawaii.edu> from "Tim Newsham" at Nov 5, 94 04:07:36 pm
> > Only in a very trusting environment, where you don't mind if users chown
> > files they dont own to themselves....
>
> Of course you'd wrap it up or write your own little chown utility
> before you made it suid :)
>
You'd introduce a race condition with a wrapper. If you wrote your
own chown command, you could do it securely, using fchown..
Neil
--
Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual,
Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control.
...like a badger with an afro throwing sparklers at the Pope...
