Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Message-ID: <2800:Dec1001:29:4890@kramden.acf.nyu.edu>
Date: 10 Dec 90 01:29:48 GMT
References: <18786@rpp386.cactus.org> <1990Dec7.171501.18028@mp.cs.niu.edu> <18792@rpp386.cactus.org>
Organization: IR
Lines: 15

In article <18792@rpp386.cactus.org> jfh@rpp386.cactus.org (John F Haugh II) writes:
> The result of making a system call "root-only" is that any application
> which might have a legitimate need to execute that function must be
> set-uid to root in order to perform that now privileged operation.
> For example, if all the unallocated TTY devices were owned by "uucp",
> all the applications which deal with TTY devices would only have to
> be set-UID to "uucp".  Unfortunately, if you have an application that
> wants to change the ownership to the user, such as cu, you must now
> make cu set-UID to "root".

Exactly. This is why several people have been arguing for chown() to
work between current and effective uids. Does chown() have any other
reasonable use?

---Dan