I asked > I've got a user asking me to disable _POSIX_CHOWN_RESTRICTED (add > "set rstchown = 0" to /etc/system) on a Sun Solaris box. My understanding > is that this changes chown's behavior a bit by letting any user chown a > file that they own to someone else, stripping any suid bits in the process. > > My gut feeling is "no way". But I can't actually envision a case where > this would really cause a problem on a shared development system. We do > not use quotas, so there is no concern about a user deviously filling up > the quota of someone he or she does not like by chowning a bunch of large > files to them. Setuid is stripped, so I don't think that will be a > concern. I can think of one obnoxious-but-not-security-critical behavior-- > Alice storing all her illicitly downloaded music on the server and then > chown'ing them to Bob so it looks like they aren't hers. > > So my question is: can anyone envision a situation where this would create > a real problem? The answer Don't do it unless you like the inside of a courtroom. With that change you lose your audit trail if a user hides his or her illegal files by putting them in another user's area owned by that user. If you need this functionality, use something like sudo to have an audit trail. Thanks to <David.Harrington.ctr@dla.mil> Dan Lowe <dan@tangledhelix.com> Chris Ruhnke <ruhnke@us.ibm.com> Darren Dunham <ddunham@taos.com> Hicheal Morton <mh1272@gmail.com> Karyn Williams <karyn@calarts.edu> Scott Francis <darkuncle@gmail.com> "Paveza, Gary" <gary.paveza@aig.com> Rich Teer <rich.teer@rite-group.com> Johan Hartzenberg <jhartzen@csc.com> Andrew Hall <halla3@corp.earthlink.net> Chris Hoogendyk <hoogendyk@bio.umass.edu> <Deborah.Santomauro@f22ctf.edwards.af.mil> Matthew Stier <Matthew.Stier@us.fujitsu.com> +-----------------------------------------------------------------------+ | Christopher L. Barnard O When I was a boy I was told that | | cbarnard@tsg.cbot.com / \ anybody could become president. | | (312) 347-4901 O---O Now I'm beginning to believe it. | | http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow | +----------PGP public key available via finger or PGP keyserver---------+ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Oct 21 11:36:10 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:52 EST