changing chown command

From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Wed Oct 12 2005 - 16:16:14 EDT


I've got a user asking me to disable _POSIX_CHOWN_RESTRICTED (add
"set rstchown = 0" to /etc/system) on a Sun Solaris box. My understanding
is that this changes chown's behavior a bit by letting any user chown a
file that they own to someone else, stripping any suid bits in the process.

My gut feeling is "no way". But I can't actually envision a case where
this would really cause a problem on a shared development system. We do
not use quotas, so there is no concern about a user deviously filling up
the quota of someone he or she does not like by chowning a bunch of large
files to them. Setuid is stripped, so I don't think that will be a
concern. I can think of one obnoxious-but-not-security-critical behavior--
Alice storing all her illicitly downloaded music on the server and then
chown'ing them to Bob so it looks like they aren't hers.

So my question is: can anyone envision a situation where this would create
a real problem?

+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
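
As an added example (not part of the original message), this shell sketch reports which chown policy an /etc/system-style file would select, using the "set rstchown = 0" line quoted above. The function names are hypothetical, and it assumes that lines starting with `*` or `#` are comments, that an absent setting means the default of 1, and that the last assignment is the one that counts.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: '*' or '#' starts a comment line, a missing rstchown
# setting means 1 (restricted), and the last assignment is reported.

rstchown_setting() {
    # $1: path to an /etc/system-style file; prints the rstchown value
    awk '
        BEGIN { val = 1 }
        /^[ \t]*[*#]/ { next }                  # commented-out lines do not count
        {
            line = $0
            gsub(/[ \t]+/, " ", line)           # collapse runs of whitespace
            sub(/^ /, "", line); sub(/ $/, "", line)
            if (line ~ /^set rstchown ?= ?[0-9]+$/) {
                sub(/^set rstchown ?= ?/, "", line)
                val = line + 0
            }
        }
        END { print val }
    ' "$1"
}

chown_policy() {
    # $1: path to an /etc/system-style file; prints a one-line verdict
    if [ "$(rstchown_setting "$1")" -eq 0 ]; then
        echo "unrestricted: a user can chown files they own to someone else"
    else
        echo "restricted: only a privileged user can change a file's owner"
    fi
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed /etc/system fragment
* set rstchown = 1
set maxusers = 64
set rstchown = 0
EOF
chown_policy "$sample"
rm -f "$sample"
```

On a real host, point `chown_policy` at `/etc/system`; the file only takes effect at boot, so the running kernel may differ from what the file says until the next reboot.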