Re: chown
- From: Stan Isaacs <isaacs hpcc01 corp hp com>
- To: redhat-list redhat com
- Subject: Re: chown
- Date: Thu, 30 Mar 2000 14:56:41 PST
>
> On Thu, 30 Mar 2000, Stan Isaacs wrote:
>
> > After looking at both the redhat archives, and freebsd, I guess I'm
> > convinced that chown won't work, by default, for non-root users. Is there
> > any way to change that default on Redhat Linux 6.1?
>
> It's not a default, it's a concept. Allowing anything else would be VERY
> stupid, as it would allow stuff like
>
> cat >evil.sh <<EOF
> #!/bin/sh
> rm -rf ~someone/* ~someone/.*
> EOF
> chmod 4755 evil.sh
> chown someone evil.sh
> ./evil.sh
I don't think suid settings should be preserved across chown, which is
what makes that work. And, besides, I don't think suid does anything when
the file is a script, so I'm not sure it even applies in your example.
At least some other versions of UNIX (I use HPUX) allow chown, and don't
have this "evil" problem - they just don't carry over the suid bits.
> > Shouldn't the man pages for chown talk about this? Again, how can I
> > keep telling my students to read the man pages, if they don't even
> > give facts like who can execute a command? In fact, why isn't the command
> > in /usr/sbin (or /sbin?), with the other system commands?
>
> You can do stuff like
> chown you.someothergroup file
> when you're a member of someothergroup.
Then you're right that it has to be accessible, but it still needs
clear information on the man page!
-- Stan Isaacs
> LLaP
> bero
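Added example (not part of the original message or thread): a shell check of the point argued above, whether the setuid bit set by chmod 4755 survives a chown. It assumes Linux with a stat that supports -c (GNU coreutils); the function names suid_across_chown and has_suid are made up for this illustration, and the file is chowned to its current owner because that is the only chown an unprivileged user is allowed to perform.

```shell
#!/bin/sh
# Added illustration, not code from the thread.
# Assumption: Linux, where chown(2) clears the setuid bit on a
# non-directory file, and a stat(1) that accepts -c '%a'.

# Create a scratch file, make it setuid as in the quoted script
# (chmod 4755), chown it, and print "<mode before> <mode after>".
suid_across_chown() {
    f=$(mktemp) || return 1
    chmod 4755 "$f" || { rm -f "$f"; return 1; }
    before=$(stat -c '%a' "$f")
    # Owner and group stay the same, so no privilege is needed,
    # but the kernel still treats this as a chown.
    chown "$(id -u):$(id -g)" "$f" || { rm -f "$f"; return 1; }
    after=$(stat -c '%a' "$f")
    rm -f "$f"
    echo "$before $after"
}

# Succeeds (exit 0) when the octal mode string $1 has setuid (4000) set.
has_suid() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

result=$(suid_across_chown) || exit 1
set -- $result
echo "mode before chown: $1"
echo "mode after chown:  $2"
if has_suid "$2"; then
    echo "setuid bit survived chown"
else
    echo "setuid bit was cleared by chown"
fi
```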