chown thru multiple directories
Mark Callow
msc at ramoth.esd.sgi.com
Wed Jul 11 06:40:50 AEST 1990
In article <1990Jul10.105223.27591 at gorgo.ifi.unizh.ch>,
meyer at gorgo.ifi.unizh.ch (Urs Meyer) writes:
|>
|> WARNING:
|> There is a security leak in this procedure if the super-user executes
|> the find command. If a file in the user's directory tree is a
|> (symbolic) link, the file pointed to by the link will change ownership
|> and not the link itself. Therefore, if the user has a link to /etc/passwd,
|> he will own is afterwards.
|> This is true at least up to IRIX 3.2.1.
|>
|> I really don't like the way symbolic links are implemented in IRIX.
|> But, there have been enough discussions on that topic.
The same exact thing happens with hard links. This isn't surprising since
symbolic links were designed to be semantically the same as hard links.
As far as I know symbolic links in IRIX are implemented identically to those
in BSD and SunOS.
I think this is a case of buyer beware of the sharp tools.
--
>From the TARDIS of Mark Callow
msc at ramoth.sgi.com, ...{ames,decwrl}!sgi!msc
"There is much virtue in a window. It is to a human being as a frame is to
a painting, as a proscenium to a play. It strongly defines its content."
More information about the Comp.sys.sgi
mailing list