
Re: Sudo from scripts



On Mon, 2008-11-17 at 21:56 +0000, g wrote:
> Patrick O'Callaghan wrote:
> 
> > What do you mean? Chown runs as the user, so the permissions are those
> > of the user. What else should it do?
> 
> To clarify to a college professor level. [excuse satire]
> 
> 'chown' allows changing ownership without regard as to who the change is being
> made to.
> 
> If I write a destructive script or program, change permissions to '777'
> and then change ownership and group to root, would this not be a security risk?

You can do that if you're root. Otherwise you can't. You can do lots of
idiotic things as root. What's your point?

> Therefore, to prevent such, 'chown' should not be able to change ownership
> without checking to ensure that the user making the change has the required authority.

The "user" is *root*, otherwise chown will fail. Note that the standard
chown command is not setuid, i.e. the real and effective user ids are
the same, and of course the command calls chown(2), the man page of
which says:

        Only  a privileged process (Linux: one with the CAP_CHOWN
        capability) may change the owner of a file.

You seem to be suggesting that root should be able to change to some
owners and not to others. That may well be a sensible security policy in
some contexts, but the basic Unix security model is not rich enough to
express it since root is all-powerful (SELinux is a different story).

poc

