Path: utzoo!attcan!uunet!bellcore!att!cbnewsl!cbnewsk!pegasus!hansen
From: hansen@pegasus.att.com (Tony L. Hansen)
Newsgroups: comp.unix.internals
Subject: Re: non-superuser chown(2)s considered harmful
Summary: mail(1) uses chown(2)
Keywords: chown, mail
Message-ID: <1990Dec11.005644.20688@cbnewsk.att.com>
Date: 11 Dec 90 00:56:44 GMT
References: <1990Dec7.171501.18028@mp.cs.niu.edu> <18792@rpp386.cactus.org> <2800:Dec1001:29:4890@kramden.acf.nyu.edu>
Sender: hansen@cbnewsk.att.com (tony.l.hansen)
Organization: AT&T Bell Laboratories
Lines: 10

< Exactly. This is why several people have been arguing for chown() to
< work between current and effective uids. Does chown() have any other
< reasonable use?

The mail(1) command uses chown(2) and set-gid to give a secure mail system. I
feel that other methods are fraught with potential security holes.

					Tony Hansen
				att!pegasus!hansen, attmail!tony
				    hansen@pegasus.att.com