non-superuser chown(2)s considered harmful

Sean Eric Fagan sef at kithrup.COM
Tue Dec 11 21:30:57 AEST 1990


In article <2789 at cirrusl.UUCP> dhesi%cirrusl at oliveb.ATC.olivetti.com (Rahul Dhesi) writes:
>However, consider a UNIX system with 1,000 or more users.  

You mean like Amdahls?  Running UTS?  A SysV derivative?

>In the absence of reasonable resource quotas, the administrator would have
>time to do little else but track down culprits involved in deliberate
>or accidental denial-of-service incidents.  

Hmm.  Most of the Amdahl administrators I've communicated with seemed to
indicate that they had enough spare time to chat away in email.  Seems as if
they didn't have all of their time taken up with tracking down culprits.

>Hence the greater restrictions such as a restricted chown, 

Why not restrict mkdir and cd, as well, to prevent the infamous

	while :
	do
		mkdir foo
		cd foo
	done

?  And, while we're at it, why not restrict read, and write, and open, and
close, and sync, and lseek, and getpid, and getuid, and geteuid, and...

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef at kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.


