Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!shadooby!oxtrap!mudos!mju
From: mju@mudos.ann-arbor.mi.us (Marc Unangst)
Newsgroups: comp.os.minix
Subject: Re: New fs/protect.c that allows mortals to chown()
Message-ID: <707.255F764F@mudos.ann-arbor.mi.us>
Date: Mon, 13 Nov 89 21:58:34 EST
Organization: FidoNet node 1:120/129 - Starship Enterprise, Ann Arbor MI

In article <10159@attctc.Dallas.TX.US>, chasm@attctc.Dallas.TX.US (Charles Marslett) writes:
>In article <1989Nov7.185627.24105@world.std.com>, madd@world.std.com (jim frost) writes:
>[With respect to allowing the owner of a file (other than root) to issue a
>chown() system call]
>> I'm curious as to what you do if the file is setuid; do you clear the
>> setuid bit? If not, you make a huge security hole (assuming you
>> care, which I do). If you've done this, please ignore.
>
>System V.3 (the interactive version, at least) does exactly this -- I checked
>it Friday, but I forgot to see what the other bits do (sticky, et al.). I
>assume setuid/setgid are the only real security holes?

Well, my new version of protect.c strips off the SUID and SGID bits if
the person is not the super-user. I figure that if you're root, you
could always just issue another chmod() after the chown(), so it's kind
of pointless to bother stripping them...

Sticky really isn't a problem, for two reasons. (1) The meaning of the
sticky bit is "Never swap this out, EVER. Also, keep it in core all the
time, even when it's not being run." I suppose it's possible for a
person to make the system unusable, especially on a 640K system, by
making something like Elle sticky, and then loading it, but there's
really no way to prevent this. (2) Since MINIX doesn't have swapping,
the sticky bit doesn't do anything there.

I'll be posting the cdiffs against stock 1.3d soon, and once I do, you
can pound on it all you want.

--
Marc Unangst
Internet: mju@mudos.ann-arbor.mi.us
UUCP    : ...!uunet!sharkey!mudos!mju
Fidonet : Marc Unangst of 1:120/129.0
BBS     : The Starship Enterprise, 1200/2400 bps, +1 313-665-2832
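
The chown() policy discussed in the post above, as an added example that is not part of the original post and is not the poster's protect.c or any MINIX source. It is a user-space model; `struct file_meta`, `chown_policy()`, `mode_after_chown()` and the uid/gid values are hypothetical names and constructed sample data.

```c
/* Added illustration, not MINIX source: a user-space model of the
 * chown() policy described in the post. All names are hypothetical. */
#define SUPER_USER  0u       /* uid of the super-user */
#define BIT_SETUID  04000u   /* traditional Unix mode bits (octal) */
#define BIT_SETGID  02000u
#define BIT_STICKY  01000u

struct file_meta {
    unsigned uid;    /* owner */
    unsigned gid;    /* group */
    unsigned mode;   /* permission and special bits */
};

/* Apply a chown() request from `caller`.
 * Returns 0 on success, -1 if the caller is neither owner nor super-user. */
int chown_policy(struct file_meta *f, unsigned caller,
                 unsigned new_uid, unsigned new_gid)
{
    if (caller != SUPER_USER && caller != f->uid)
        return -1;

    /* A non-root owner giving away a setuid/setgid file would otherwise
     * leave a program that runs with the new owner's identity, so the
     * bits are cleared. The sticky bit is left alone. */
    if (caller != SUPER_USER)
        f->mode &= ~(BIT_SETUID | BIT_SETGID);

    f->uid = new_uid;
    f->gid = new_gid;
    return 0;
}

/* Convenience wrapper: resulting mode after a file owned by `owner` is
 * chowned to uid 200 by `caller`, or ~0u if the request is refused. */
unsigned mode_after_chown(unsigned owner, unsigned caller, unsigned mode)
{
    struct file_meta f = { owner, 10u, mode };   /* constructed sample file */
    if (chown_policy(&f, caller, 200u, 10u) != 0)
        return ~0u;
    return f.mode;
}
```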