Subject: chown, quotas and security
To: None <>
From: I can teach you how to fish... <>
List: current-users
Date: 11/04/1994 13:13:18
Okay, I know this might sound a bit far-fetched, but hear me out.

Changing ownership of a file is typically considered a priveleged operation
with respect to quotas.  I thought until just a minute ago that quotas
were pretty much the only problem, then I realized how "at" does business.
(Of course /var/at is mode 700, owner root, so this is kind of moot, but
there's still a potential problem.)

[ "at" executes files with the owner being the owner of the atjob file. ]

Now, I don't see any reason to deny chown() to a normal user given that
quotas are not enabled; i.e. if there are no quotas, should one not be
able to give away files?  (This is a simple #ifdef in the kernel.)

However, the problem comes when you have something like "at"; you want
users to be able to give away files but ... well, you get the idea.

(in a development environment, it is sometimes desirable to be able to
 give files away so as not to trouble super-users with niggly little
 file-permission problems...  You could argue this, and someone probably
 will.  I still think this is not out of line.)

I was wondering if there should be a "nochown" (or "chown", if the nochown
would be the default) flag for the ufs filesystem.

[ Yes, it's feeping creaturism, but it was a thought, and it didn't
  occur to me that it was a necessarily bad one.  Please no flames;
  I don't think I'm that half-cocked on this one.  Comments are
  solicited.  If this deserves a better forum than this list, please
  point me. ]


 _______Wizardry is dead._____ _____WHO: Greywolf (my nameplate even says so)
/ ___\ _ \ __\ V / \  / /__ \| | __/WHAT: UNIX System, Admin
\ \| |   < _| ` ' \ '` / \/ /|_| _/ WHERE: Autodesk, Inc.  3 Harbor Dr.
 \___|_|\_\__\|_|  \/\/ \__/___/_|  Sausalito, CA 94965 (415) 332-2344 x4219
	see also: