[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Sudo from scripts



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick O'Callaghan wrote:

> WHat do you mean? Chown runs as the user, so the permissions are those
> of the user. What else should it do?

to clarify to a collage professor level. [excuse satire]

'chown' allows changing ownership with out regard as to who change is being
made to.

if i write a destructive script or program, change permissions to '777'
then change ownership and group to root, would this not be a security risk.

therefore, to prevent such, 'chown' should not be able to change ownership
with out checking to ensure that user making change is of required authority.

this is something that i went thru with other unix admins and programmers
in early days and i still contend that it is a security risk.

granted, i have not checked if ability is still there, but from jerry's
post, i presume that it is and is a security risk.

later.
- --
peace out.

tc,hago.

g
.

in a free world without fences, who needs gates.

learn linux:
'Rute User's Tutorial and Exposition'   http://rute.2038bug.com/index.html.gz
'The Linux Documentation Project'   http://www.tldp.org/
'LDP HOWTO-index'   http://www.tldp.org/HOWTO/HOWTO-INDEX/index.html
'HowtoForge'   http://howtoforge.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Red Hat - http://enigmail.mozdev.org

iD8DBQFJIeil+C4Bj9Rkw/wRAmE0AKCZGsQOUoY+e20IC6+s1jmTNCwGXQCaApAH
lTeuuxEZjW0zjGEyqXMX2CM=
=6bC/
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]