Re: [bug report]: chown(2) implementation in xfs is broken

To: linux-xfs@xxxxxxxxxxx
Subject: Re: [bug report]: chown(2) implementation in xfs is broken
From: Robert Brockway <robert@xxxxxxxxxxxxxxxxx>
Date: Mon, 7 Jul 2003 11:32:18 -0400 (EDT)
In-reply-to: <20030707065106.GY930@plato.local.lan>
References: <7kadbrchcp.fsf@greenplant.dot> <3F08C005.3070706@linux-sxs.org> <Pine.LNX.4.56.0307070055520.11005@zen.canint.timetraveller.org> <20030707053311.GX930@plato.local.lan> <Pine.LNX.4.56.0307070154350.11005@zen.canint.timetraveller.org> <20030707065106.GY930@plato.local.lan>
Sender: linux-xfs-bounce@xxxxxxxxxxx
On Sun, 6 Jul 2003, Ethan Benson wrote:

> your example doesn't really demonstrate any security hole
> anyway since you owned the file you could just as well run chmod 555
> testfile and then executed it.  even with irix behavior you cannot
> chown a file you don't already own in the first place.

Yes, you're right.  I should have demonstrated it with changing gid not
uid.  This is equally doable and does show a security hole.  It was late
when I wrote that and I failed to see the obvious error in using uid.

> typically it's not allowed when quotas are in use, I'm not sure whether
> the irix behavior keeps to that or not.

Linux quite happily set restrict_chown=0 on my quota enabled xfs
filesystem.  It would definitely be worth having a sanity check about
enabling both options at once.

Rob

-- 
Robert Brockway B.Sc. email: robert@xxxxxxxxxxxxxxxxx  ICQ: 104781119
Linux counter project ID #16440 (http://counter.li.org)
"The earth is but one country and mankind its citizens" -Baha'u'llah
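
One way to script the sanity check suggested in the message above, as an added example that is not part of the original post or of XFS itself. It assumes the setting is exposed at /proc/sys/fs/xfs/restrict_chown and that quota-enabled XFS mounts show one of the listed quota options in /proc/mounts; the function name and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# check_xfs_chown_quota [MOUNTS_FILE] [SYSCTL_FILE]   (hypothetical helper)
# Prints every XFS mount point that has a quota option set while
# restrict_chown is 0.
# Returns 1 if any such mount exists, 0 if none, 2 if the setting is unreadable.
check_xfs_chown_quota() {
    mounts=${1:-/proc/mounts}
    sysctl_file=${2:-/proc/sys/fs/xfs/restrict_chown}   # assumed location

    [ -r "$sysctl_file" ] || { echo "cannot read $sysctl_file" >&2; return 2; }
    restrict=$(tr -d '[:space:]' < "$sysctl_file")

    # restrict_chown=1 means unprivileged users cannot give files away,
    # so quota accounting cannot be sidestepped this way.
    [ "$restrict" = "0" ] || return 0

    # Fields: device, mount point, fs type, comma-separated options.
    # "noquota" is deliberately not matched (the pattern is anchored).
    awk '
        $3 == "xfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^(quota|[ugp]quota|usrquota|grpquota|prjquota|[ugp]?qnoenforce)$/) {
                    print $2
                    bad = 1
                    break
                }
        }
        END { exit bad + 0 }
    ' "$mounts"
}

# Constructed sample input (not taken from the original post).
sample=$(mktemp -d)
printf '%s\n' \
    '/dev/sda1 / ext4 rw,usrquota 0 0' \
    '/dev/sdb1 /home xfs rw,noatime,usrquota,grpquota 0 0' \
    '/dev/sdc1 /scratch xfs rw,noquota 0 0' > "$sample/mounts"
echo 0 > "$sample/restrict_chown"

check_xfs_chown_quota "$sample/mounts" "$sample/restrict_chown" \
    || echo "warning: the mounts listed above combine quotas with restrict_chown=0"
rm -rf "$sample"
```

Called with no arguments, the function reads the live /proc/mounts and sysctl file instead of the sample.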

