non-superuser chown(2)s considered harmful

Melinda Shore shore at mtxinu.COM
Wed Dec 12 18:03:54 AEST 1990


In article <1990Dec10.231812.23634 at gjetor.geac.COM> adeboer at gjetor.geac.COM (Anthony DeBoer) writes:
>Just for my $0.02 worth, if quotas are in effect, why not have a nightly
>daemon that goes through each user's directory and blows away anything he/she
>doesn't own?  

Because it is Evil to mess with your users' data.  Also, that's a sort
of post-problem fix;  the issue is really whether or not it should be
allowable to give users files without giving them the option of rejecting
them at the time.  Writing secure setuid programs is difficult but
possible, while non-root chown() takes away a user's control over his/her
own use of resources.
-- 
               Hardware brevis, software longa
Melinda Shore                                 shore at mtxinu.com
mt Xinu                              ..!uunet!mtxinu.com!shore