On Sun, 2003-07-06 at 19:26, Karol Lewandowski wrote:
>
> Vanilla Linux 2.4.21 form kernel.org + xfs snapshot:
> dmesg: SGI XFS snapshot-2.4.21-2003-06-23_01:45_UTC with no debug enabled
>
> Any user can chown his own files to any uid or gid.
Use CVS, we need to redo the snapshots, they were made at a bad point
in time. You need to echo 1 > /proc/sys/fs/xfs/restricted_chown,
the default was set to the wrong value for a while and is fixed now.
Steve
>
> Unprivileged user (say karol) can do this successufly:
>
> karol@greenplant:/tmp/test$ id
> uid=1023(karol) gid=127(plant)
> groups=127(plant),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),101(dri)
> karol@greenplant:/tmp/test$ touch newfile
> karol@greenplant:/tmp/test$ ls -l
> total 0
> -rw------- 1 karol plant 0 Jul 7 02:02 newfile
> karol@greenplant:/tmp/test$ chown root:root newfile
> karol@greenplant:/tmp/test$ ls -l
> total 0
> -rw------- 1 root root 0 Jul 7 02:02 newfile
> karol@greenplant:/tmp/test$
>
>
> Patch for Linux 2.4.20 doesn't seem to have this problem, so i tried to locate
> this issue... I think the problem is in <linuxroot>/fs/xfs/xfs_vnodeops.c
> Unhopefuly I weren't able to fix it, I'm not kernel hacker (Yet :)
>
> --
> kl ./. You may be recognized soon. Hide.
>
|