From: utzoo!decvax!cca!decot@Mitre@sri-unix
Newsgroups: net.unix-wizards
Title: Re: Chown: right or privilege
Article-I.D.: sri-unix.2821
Posted: Sat Aug 21 06:09:29 1982
Received: Sun Aug 22 02:27:22 1982

From: Dave Decot
Date: 11 Aug 1982 9:27:40 EDT (Wednesday)

Perhaps users should be able to change the ownership of their own files, but some security violations ARE possible unless certain restrictions are placed on the files `chowned'. There are also situations where this facility should not be present at all.

Requests to chown files with the 'set-uid' or 'set-gid' bits set should not be honored, or if they are, these bits must be cleared by the chown program. Otherwise, any user might create a shell file or other program that does 'bad' things, set these bits, chown the file to root and have his way.

The ability to change the ownership of a directory must also be carefully restricted to avoid any number of unpleasant situations. For example, consider this sequence:

    % cd
    % mkdir mutter
    % cd mutter
    % cat >foofile
    asdfjkl
    asdfjkl
    ^D
    % chown her foofile
    % cd ..
    % chown her mutter

If the user performing this sequence has no write permission on mutter, he has (perhaps unwittingly?) created in his tree a directory he cannot remove.

Finally, this mechanism should be severely restricted or not available on systems where disk space is at a premium and users are accounted for the number of blocks they use. A dastardly user might create hundreds of files owned by a user who doesn't know they exist (and may have no way of finding out that they do!).

-Dave Decot
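
The restrictions in the post above, written as a C helper that clears the set-uid and set-gid bits before changing the owner, refuses directories, and refuses everything when block accounting is in force. This is an added example, not part of the original post; the name giveaway() and its quotas_enforced parameter are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* giveaway() is a hypothetical helper, not a system call or the post's code.
 * It hands a file to new_owner under the three restrictions in the post.
 * Returns 0 on success, -1 with errno set when refused or on failure. */
int giveaway(const char *path, uid_t new_owner, int quotas_enforced)
{
    struct stat st;
    int fd, rc = -1, saved;
    if (quotas_enforced) { errno = EPERM; return -1; }  /* block-accounted system */
    fd = open(path, O_RDONLY | O_NOFOLLOW);             /* never follow a symlink */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0)
        goto out;
    if (!S_ISREG(st.st_mode) ||                        /* directories refused */
        (st.st_uid != getuid() && getuid() != 0)) {    /* only your own files */
        errno = EPERM;
        goto out;
    }
    /* Drop set-uid/set-gid BEFORE the owner changes, so the new owner never
     * holds a privileged executable written by someone else. */
    if ((st.st_mode & (S_ISUID | S_ISGID)) &&
        fchmod(fd, st.st_mode & 07777 & ~(S_ISUID | S_ISGID)) < 0)
        goto out;
    rc = fchown(fd, new_owner, (gid_t)-1);             /* group left unchanged */
out:
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;                                  /* usage: giveaway FILE UID */
    if (giveaway(argv[1], (uid_t)strtoul(argv[2], NULL, 10), 0) == 0)
        return 0;
    perror("giveaway");
    return 1;
}
```

On most current systems the kernel itself refuses an unprivileged change of owner to another user, so the final fchown() returns EPERM there unless the caller is privileged.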