Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!zaphod.mps.ohio-state.edu!rpi!batcomputer!cornell!rochester!pt.cs.cmu.edu!o.gp.cs.cmu.edu!andrew.cmu.edu!wb1j+ From: wb1j+@andrew.cmu.edu (William M. Bumgarner) Newsgroups: comp.sys.next Subject: Re: Preserving file ownerships on OD? Message-ID: <8cNCt0G00aw4E47LVI@andrew.cmu.edu> Date: 23 Jun 91 18:53:52 GMT References: <1991Jun20.220525.5015@ccu.umanitoba.ca> <1768@toaster.SFSU.EDU>, <11043@idunno.Princeton.EDU> Organization: Carnegie Mellon, Pittsburgh, PA Lines: 23 In-Reply-To: <11043@idunno.Princeton.EDU> There is a very good reason for a mountable piece of media (such as OD's or floppies) to be owned by the current console user. Think about it: Say you have a root owned (or any other user owned) setuid copy of shell (or any number of other isidiously powerful programs) on a piece of removable media. Wouldn't it be rather large security hole to be able to shove that disc into ANY machine and suddenly be able to be root simply by running your set uid shell? I don't see any way to avoid this; sure, you could not allow csh or sh to be run as set uid from a piece of media, but what about any of the number of other apps that are out there that can diddle files? b.bum (w/a commentary from Dan Grillo) b.bumgarner | Disclaimer: All opinions expressed are my own. wb1j+@andrew.cmu.edu | I officially don't represent anyone unless I NeXT Campus Consultant | explicity say I am doing so. So there. "I ride tandem with the random/Things don't run the way I planned them.."