Subject: Re: chown, quotas and security
To: None <,>
From: I can teach you how to fish... <>
List: current-users
Date: 11/07/1994 10:13:44
#define AUTHOR " ("

 * The chown(2) system call turns off the setuid and/or setgid bits as
 * appropriate, so this is not a concern.

#undef AUTHOR	/* " (" */

chown(2) only turns off setuid/setgid bits iff the caller is not the
super-user (theoretically), but non-super-users cannot successfully call

I hacked it into the kernel such that if QUOTA was an option at compile
time, it would behave as normal; whereas if it was not defined, chown
would permit a user to give a file away.  Now inside chown(2), the
code already exists to permit this as well as clearing the setuid/setgid
bits, but whoever hacked that part of the kernel at Berkeley just kind
of surreptitiously stuffed in the

        if (!suser())
                return errno = EPERM;

/* or whatever */
code which (obviously) obsoletes anything past that part.  The solution
was my first kernel hack which actually doesn't really count since all I
had to do was to surround that piece of code with

#ifdef QUOTA
/* insert code snippet from above */
#endif /* QUOTA */

and that was it.  Recompiled the kernel with these permissions and never
had another complaint from the engineers on that system (who, incidentally,
used source control systems, be it SCCS, RCS or (more likely) our own
home-grown version, and they *still* had need for chown(2/8) in that

Only last week when I sent this discussion in was I suddenly aware
(and not through example!) that this kind of hack on a system could make
it hideously insecure if, say, /var/cron/at was a world-execute directory.

 _______Wizardry is dead._____ _____WHO: Greywolf (my nameplate even says so)
/ ___\ _ \ __\ V / \  / /__ \| | __/WHAT: UNIX System, Admin
\ \| |   < _| ` ' \ '` / \/ /|_| _/ WHERE: Autodesk, Inc.  3 Harbor Dr.
 \___|_|\_\__\|_|  \/\/ \__/___/_|  Sausalito, CA 94965 (415) 332-2344 x4219
	see also: