From: utzoo!decvax!cca!DEAN@Usc-Ecl@sri-unix Newsgroups: net.unix-wizards Title: Re: Chown: right or privilege Article-I.D.: sri-unix.2972 Posted: Fri Aug 27 21:01:23 1982 Received: Wed Sep 8 06:30:29 1982 From: Jeff DeanDate: 22 Aug 1982 2143-PDT I agree there is a potential security problem with "at" when users are allowed to "chown" their own files. I disagree with your solution. The problem here is with "at", and not with "chown". If I "chown" one of my files to root, THAT is not a security problem. If there is a command that does a setuid on an arbitrary program and then executes that program, without adequately checking to make sure that the setuid is OK, then that command is the one directly responsible for the security lapse. Please don't restrict users unnecessarily by disallowing chown. Instead, fix the programs that are directly responsible for the security problems. -- Jeff -------