non-superuser chown(2)s considered harmful
Peter da Silva
peter at ficc.ferranti.com
Sat Dec 8 09:58:31 AEST 1990
In article <109958 at convex.convex.com> tchrist at convex.COM (Tom Christiansen) writes:
> If I make a /tmp/.exrc, and someone cd's to /tmp and vi's some file there,
> I still won't trick someone into sourcing it because I can't make them own
> it.
Sounds like a bug in 'vi'. It really shouldn't source anything but ~/.exrc
or (even better) run $EXINIT: you can put all your .exrc munging in there.
Programs that build in a security hole then try to patch it over are far worse
than a well-documented system call. As for quotas: disable the call if you're
running quotas, otherwise leave it alone.
--
Peter da Silva. `-_-'
+1 713 274 5180. 'U`
peter at ferranti.com
More information about the Comp.unix.internals
mailing list