non-superuser chown(2)s considered harmful

Dan Bernstein brnstnd at kramden.acf.nyu.edu
Mon Dec 10 12:47:04 AEST 1990


In article <18796 at rpp386.cactus.org> jfh at rpp386.cactus.org (John F Haugh II) writes:
> In article <110075 at convex.convex.com> tchrist at convex.COM (Tom Christiansen) writes:
> >If you could switch a file's ownership between real and effective uid's,
> >this wouldn't be a problem.  Since a process can always cp a file, at
> >which time it will be owned by whichever ID was active at the time, I
> >don't see why that can't be allowed.
> Yes, and this is a much better solution - restrict chown() to be between
> the real and effective UIDs, rather than completely out the window.

Right. Now we just have to convince Berkeley.

> However, in a co-operative environment (such as commercial installations)
> there is quite a bit of file-sharing going on in a very ad hoc fashion.

I prefer the control you get from a setuid program.

---Dan
