Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!purdue!bu-cs!xylogics!world!madd
From: madd@world.std.com (jim frost)
Newsgroups: comp.os.minix
Subject: Re: New fs/protect.c that allows mortals to chown()
Message-ID: <1989Nov13.192902.15473@world.std.com>
Date: 13 Nov 89 19:29:02 GMT
References: <689.255678C1@mudos.ann-arbor.mi.us> <1989Nov7.185627.24105@world.std.com> <10159@attctc.Dallas.TX.US>
Organization: Software Tool & Die
Lines: 18

chasm@attctc.Dallas.TX.US (Charles Marslett) writes:
>I assume setuid/setgid are the only real security holes?

That depends on what you call a security hole; if a user can change
the ownership of one of his files, there is no way to prove that a
particular user actually made a particular file, or if some very large
image (for instance) is owned by "foo" who has no disk quota, or "bar"
who has only a megabyte.  There is no way to deal with accountability.

I honestly think chown should be a root-only; it's much simpler that
way and if a user really needs to chown a file, logging in as the
other user and using "cp" works great.

This is getting off the minix track, though.

jim frost
software tool & die     "The World" Public Access Unix for the '90s
madd@std.com            +1 617-739-WRLD  24hrs {3,12,24}00bps