Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Message-ID: <14526:Dec711:12:5790@kramden.acf.nyu.edu>
Date: 7 Dec 90 11:12:57 GMT
References: <1990Dec5.135759.12508@noao.edu> <1990Dec6.005358.6336@dg-rtp.dg.com> <109958@convex.convex.com>
Organization: IR
Lines: 10

In article <109958@convex.convex.com> tchrist@convex.COM (Tom Christiansen) writes:
> I consider non-superuser chown(2)s harmful. They screw up anyone who's
> trying to do post-facto disk accounting or pre-emptive disk quotas.

There is, however, one case where non-superuser chown()s would greatly
help security. Setuid programs should be able to switch files between
the real and effective uids. Because this feature isn't available, many
secure programs have to run as root rather than their own uids.

---Dan