Subject: chown, quotas and security
To: None <firstname.lastname@example.org>
From: I can teach you how to fish... <email@example.com>
Date: 11/04/1994 13:13:18
Okay, I know this might sound a bit far-fetched, but hear me out.

Changing ownership of a file is typically considered a privileged operation
with respect to quotas. I thought until just a minute ago that quotas
were pretty much the only problem, then I realized how "at" does business.
(Of course /var/at is mode 700, owner root, so this is kind of moot, but
there's still a potential problem.)

[ "at" executes files with the owner being the owner of the atjob file. ]

Now, I don't see any reason to deny chown() to a normal user given that
quotas are not enabled; i.e. if there are no quotas, should one not be
able to give away files? (This is a simple #ifdef in the kernel.)

However, the problem comes when you have something like "at"; you want
users to be able to give away files but ... well, you get the idea.

(In a development environment, it is sometimes desirable to be able to
give files away so as not to trouble super-users with niggly little
file-permission problems... You could argue this, and someone probably
will. I still think this is not out of line.)

I was wondering if there should be a "nochown" (or "chown", if the nochown
would be the default) flag for the ufs filesystem.

[ Yes, it's feeping creaturism, but it was a thought, and it didn't
occur to me that it was a necessarily bad one. Please no flames;
I don't think I'm that half-cocked on this one. Comments are
solicited. If this deserves a better forum than this list, please
point me. ]

_______Wizardry is dead._____ _____WHO: Greywolf (my nameplate even says so)
/ ___\ _ \ __\ V / \ / /__ \| | __/WHAT: UNIX System Mangler...er, Admin
\ \| | < _| ` ' \ '` / \/ /|_| _/ WHERE: Autodesk, Inc. 3 Harbor Dr.
\___|_|\_\__\|_| \/\/ \__/___/_| Sausalito, CA 94965 (415) 332-2344 x4219
see also: firstname.lastname@example.org
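
Added example, not part of the original message: a Python audit of the two conditions the post weighs, whether the filesystem lets non-root users give files away and whether a spool directory whose jobs run as their file owner is closed to everyone but the trusted owner. The function names, the `trusted_uid` parameter and the verdict strings are assumptions made for this sketch; `/var/at` is the path named in the post.

```python
import os
import stat
import sys

def chown_restricted(path):
    """True if non-root users cannot give files away on path's filesystem."""
    # POSIX: pathconf() yields -1 with errno untouched when chown is unrestricted.
    return os.pathconf(path, "PC_CHOWN_RESTRICTED") != -1

def audit_spool(spool_dir, trusted_uid=0):
    """Assess a spool whose job files execute as their owner (as "at" does)."""
    st = os.lstat(spool_dir)  # lstat: a symlinked spool is itself a finding
    mode = stat.S_IMODE(st.st_mode)
    is_dir = stat.S_ISDIR(st.st_mode)
    owner_ok = st.st_uid == trusted_uid
    mode_ok = (mode & 0o077) == 0  # nothing for group or other, e.g. 700
    closed = is_dir and owner_ok and mode_ok
    giveaway = not chown_restricted(spool_dir)
    if closed:
        verdict = "closed: only the trusted uid can reach job files"
    elif giveaway:
        verdict = "exposed: directory is open and files can be given away"
    else:
        verdict = "fragile: only the chown restriction protects job ownership"
    return {"mode": oct(mode), "owner_ok": owner_ok, "mode_ok": mode_ok,
            "closed": closed, "giveaway": giveaway, "verdict": verdict}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/at"  # path from the post
    try:
        print(audit_spool(target))
    except OSError as exc:
        print("cannot audit %s: %s" % (target, exc))
```

A "fragile" verdict marks the configuration where a per-filesystem chown switch of the kind the post proposes would be the only safeguard left.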