Re: suid bit on directories

Michael Hoennig (michael@hostsharing.net)
Sat, 18 May 2002 12:34:35 +0200


Hi Cedric,

> > I do not even see a security hole if nobody other than the user itself
> > and httpd/web can reach this area in the file system, anyway. And it
> > is still the users decision that files in this (his) directory should
> > belong to him.
>
> I guess it is considered a security hole if a user can create files not
> belonging to him.

where is it so much different from the guid flat on directories? That way
too, you could get rights of a group of which you are not a member. As
far as I can see, all what has to be prevented, is to create files with
suid flag set within such a folder - not even for a microsecond
(race-condition). Or do I miss something? Other issues are quota, but
this problem already exists with guid bit for directories. And in my case
(mod_php), it is even worse the way it is.

> > Actually, the suid bit on directories works at least under FreeBSD. Is
>
> Not under 4.x (nor OpenBSD 2.9); or did I do anything wrong?

OpenBSD is extremely carefully about security issues. Thus, it might not
work at all in OpenBSD. But it works under FreeBSD (as an option which
has to be compiled into the kernel). This is exactly what I would like to
have for Linux.

Michael

-- 
Hostsharing eG / c/o Michael Hönnig / Boytinstr. 10 / D-22143 Hamburg
phone:+49/40/67581419 / mobile:+49/177/3787491 / fax:++49/40/67581426
http://www.hostsharing.net ---> Webhosting Spielregeln selbst gemacht
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/