From: "Miquel van Smoorenburg" <miquels@cistron.nl>
To: linux-kernel@vger.kernel.org
Subject: Re: suid bit on directories
Date: Mon, 20 May 2002 20:58:37 +0000 (UTC)
Message-ID: <acbo1t$aoo$1@ncc1701.cistron.net>
In-Reply-To: <20020520165312.3fb29ba2.michael@hostsharing.net> <200205201928.OAA13328@tomcat.admin.navo.hpc.mil>
In article <200205201928.OAA13328@tomcat.admin.navo.hpc.mil>,
Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> wrote:
>And ANY user can put files into YOUR directory. Even files you don't want
>there. AND you can't tell who did it.
A setuid bit on a directory doesn't mean it suddenly has
rwxrwxrwx permissions. You still need permission to create the
file as usual. Try playing with a setgid directory one day.
It behaves the same.
>> Only the owner of the directories can set this flag. There is nothing to
>> control.
>
>Ah - so I can put files into your directory, and suddenly they are owned
>by you. Remember that the next time you are convicted of piracy with criminal
>data in your directory.... (DMCA remember - and saying "Those files are not
>mine" just doesn't cut it, when obviously they have your uid on them; the
>best you would work them down to is "contributing to piracy").
It would be stupid to have a setuid directory world writable. You'd
probably make it group writable. Then only people in that group have
access to create files, so the files aren't anonymous - they were
created by someone in that group.
>Also remember what happens when a hard link is created in the directory...
>The file changes ownership.
Adding an extra directory entry for a file doesn't change
the inode (well, the link count is bumped up by one) in any way.
Mike.
--
"Insanity -- a perfectly rational adjustment to an insane world."
- R.D. Lang
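
The two behaviours described in the message above can be checked on a setgid directory with the following added example, which is not part of the original message. It assumes Linux with GNU stat; all paths are constructed under a mktemp directory and the function names are hypothetical.

```shell
#!/bin/sh
# Added demonstration; every path below is constructed under mktemp -d.

# Print "inode uid gid" for a path (GNU stat, as found on Linux).
ident() { stat -c '%i %u %g' "$1"; }

# Hard-link an existing file into a setgid directory and report whether
# the inode number or ownership changed. A hard link is only another
# directory entry, so the expected output is "unchanged links=2".
hardlink_into_setgid_dir() {
    work=$(mktemp -d) || return 1
    mkdir "$work/sgid" && chmod 2770 "$work/sgid" || return 1
    echo data > "$work/orig"
    before=$(ident "$work/orig")
    ln "$work/orig" "$work/sgid/alias" || return 1
    after=$(ident "$work/sgid/alias")
    links=$(stat -c '%h' "$work/orig")
    rm -rf "$work"
    if [ "$before" = "$after" ]; then
        echo "unchanged links=$links"
    else
        echo "changed"
    fi
}

# The setgid bit grants no write access by itself: with the write bits
# cleared (mode 2555), creating a file is refused for a non-root user.
# Root bypasses permission checks, so that case is reported separately.
setgid_dir_without_write() {
    work=$(mktemp -d) || return 1
    mkdir "$work/sgid" && chmod 2555 "$work/sgid" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        result="skipped-root"
    elif ( : > "$work/sgid/new" ) 2>/dev/null; then
        result="created"
    else
        result="denied"
    fi
    chmod 2755 "$work/sgid"   # restore write access so cleanup works
    rm -rf "$work"
    echo "$result"
}

hardlink_into_setgid_dir
setgid_dir_without_write
```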