Re: suid bit on directories

Bill Davidsen (davidsen@tmr.com)
Mon, 20 May 2002 11:53:11 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Linus Torvalds: "Re: AUDIT: copy_from_user is a deathtrap."
Previous message: Meelis Roos: "2.5.16: modular IDE unresolved symbols"
In reply to: Jesse Pollard: "Re: suid bit on directories"
Next in thread: Albert D. Cahalan: "Re: suid bit on directories"
Next in thread: Bill Davidsen: "Re: suid bit on directories"

On Mon, 20 May 2002, Jesse Pollard wrote:

> Michael Hoennig <michael@hostsharing.net>:

> > > 1. users will steal/bypass quota controls
> >
> > Not in my example - acutally even the other way around.
>
> And just how is it prevented? quotas are applied based on either group
> or user. Normally it is based on user. Once the uid is set, then the
> quotas start being deducted. If the the user procedes to store 10 G of
> music files, who is charged? And how do you know who put them there.

I won't repeat my previous, but obviously the owner of the file is
charged, and (b) if you care who put it there don't have a directory like
that. If you are a control freak you don't create the directory in the
first place. The behaviour is a feature not a problem.

> > > 2. Consider what happens if a user creates a file in such a directory
> > > and it is executable. - since the file is fully owned by a different
> > > user, it appears to have been created by that user. What protection
> > > mask is on the file? Can the creator (not owner) make it setuid?
> > > (nasty worm propagation method)
> >
> > Again: it depends on the usage. In my case it is the other way around. A
> > use should know what he is doing if he is setting this flag on a
> > directory. And making such files suid again, has to be prevented by the
> > code - that I even mentioned in my first mail on this issue.
>
> How are you going to control it?

The code is already in place to remove the setuid bit when changing
the owner of a file. I don't see more than an AND on the permissions in
creat() to provide this protection as the owner is changed.

> > > > Actually, the suid bit on directories works at least under FreeBSD. Is
> > > > there any reason, why it does not work under Linux?
> > >
> > > I don't believe it is in the POSIX definition.
> >
> > I only said, it works under FreeBSD, it is an option there.
>
> Then use FreeBSD.

If developers had taken that approach to suggestions for enhancements in
network code people would, and Linux would be saddled with the 1.x network
code (shudder). Ditto journaling, bitmapped filesystems, etc. All started
from features in other operating systems. To reverse your idea, if you
don't want progress stay with 2.2.xx and don't read a DEVELOPMENT list.

-- bill davidsen <davidsen@tmr.com> CTO, TMR Associates, Inc "He stood across the path of progress, loudly crying HALT!"

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: AUDIT: copy_from_user is a deathtrap."
Previous message: Meelis Roos: "2.5.16: modular IDE unresolved symbols"
In reply to: Jesse Pollard: "Re: suid bit on directories"
Next in thread: Albert D. Cahalan: "Re: suid bit on directories"
Next in thread: Bill Davidsen: "Re: suid bit on directories"