chown broken in 3.1 ?
drake at drake.almaden.ibm.com
Fri Sep 7 03:15:14 AEST 1990
In article <384 at morpho.UUCP> larry at morpho.UUCP (Larry Morris) writes:
>The chown() call now requires that co have root permissions in order to
>perform the chown.
>
>I can see where this might fix some serious security holes inherent with
>remote file systems, but does the rest of the world do this? Or is this
>another one of IBM's better ideas?
The POSIX 1003.1 spec allows (but does not mandate) this behavior. The
commentary portion of the spec discusses this issue:
    System III and System V allow a user to give away files .... This is
    a serious problem for implementations which are intended to meet
    government security regulations. Version 7 and 4.3BSD permit only the
    super-user to change the user ID of a file. ... The standard uses
    (the word) "may" to permit secure implementations while not disallowing
    System V.
So this isn't an IBM invention, by any means; it's part of IBM's intent
to conform to POSIX and to emulate BSD as closely as possible.
Sam Drake / IBM Almaden Research Center
Internet: drake at ibm.com BITNET: DRAKE at ALMADEN
Usenet: ...!uunet!ibmarc!drake Phone: (408) 927-1861
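
An added example, not part of the original post: because POSIX.1 leaves the choice to the implementation, a program can ask which behaviour applies with pathconf() and _PC_CHOWN_RESTRICTED, and can confirm it by trying to give away a scratch file it owns. The function names, the /tmp scratch directory and the target uid (caller's uid + 1) are assumptions of this example.

```c
/* Added example: does this system let an unprivileged owner give a file away? */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum giveaway { GIVEAWAY_BLOCKED, GIVEAWAY_ALLOWED, GIVEAWAY_PRIVILEGED, GIVEAWAY_UNKNOWN };

/* Raw pathconf() answer for `path`: -1 means chown() is not restricted there
 * (or the value cannot be determined); any other value means it is. */
long advertised_chown_restricted(const char *path)
{
    return pathconf(path, _PC_CHOWN_RESTRICTED);
}

/* Behavioural check: create a scratch file in `dir`, then try to hand it to
 * `other_uid` (assumed to differ from the caller's uid). */
enum giveaway probe_giveaway(const char *dir, uid_t other_uid)
{
    char path[4096];
    enum giveaway result;
    int fd;

    if (geteuid() == 0)
        return GIVEAWAY_PRIVILEGED;   /* root is exempt, so the probe proves nothing */
    if (snprintf(path, sizeof path, "%s/chown-probe-XXXXXX", dir) >= (int)sizeof path)
        return GIVEAWAY_UNKNOWN;
    if ((fd = mkstemp(path)) < 0)
        return GIVEAWAY_UNKNOWN;
    unlink(path);                     /* drop the name first; the open fd keeps the file */
    if (fchown(fd, other_uid, (gid_t)-1) == 0)
        result = GIVEAWAY_ALLOWED;    /* System III / System V style give-away */
    else
        result = (errno == EPERM) ? GIVEAWAY_BLOCKED : GIVEAWAY_UNKNOWN;
    close(fd);
    return result;
}

int main(void)
{
    static const char *label[] = { "blocked (EPERM)", "allowed",
                                   "running as root, not probed", "unknown" };
    printf("pathconf(_PC_CHOWN_RESTRICTED) on /tmp: %ld\n",
           advertised_chown_restricted("/tmp"));
    printf("give-away probe in /tmp: %s\n", label[probe_giveaway("/tmp", getuid() + 1)]);
    return 0;
}
```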