From: utzoo!decvax!cca!DEAN@Usc-Ecl@sri-unix
Newsgroups: net.unix-wizards
Title: Re: Chown: right or privilege
Article-I.D.: sri-unix.2972
Posted: Fri Aug 27 21:01:23 1982
Received: Wed Sep  8 06:30:29 1982

From: Jeff Dean 
Date: 22 Aug 1982 2143-PDT
I agree there is a potential security problem with "at" when users
are allowed to "chown" their own files.  I disagree with your solution.
The problem here is with "at",  and not with "chown".  

If I "chown" one of my files to root, THAT is not a security problem.  If
there is a command that does a setuid on an arbitrary program and then
executes that program, without adequately checking to make sure that the
setuid is OK, then that command is the one directly responsible for the
security lapse.

Please don't restrict users unnecessarily by disallowing chown.  Instead, fix
the programs that are directly responsible for the security problems.

-- Jeff
-------