| To: | linux-xfs@xxxxxxxxxxx |
|---|---|
| Subject: | Re: [bug report]: chown(2) implementation in xfs is broken |
| From: | Robert Brockway <robert@xxxxxxxxxxxxxxxxx> |
| Date: | Mon, 7 Jul 2003 11:32:18 -0400 (EDT) |
| In-reply-to: | <20030707065106.GY930@plato.local.lan> |
| References: | <7kadbrchcp.fsf@greenplant.dot> <3F08C005.3070706@linux-sxs.org> <Pine.LNX.4.56.0307070055520.11005@zen.canint.timetraveller.org> <20030707053311.GX930@plato.local.lan> <Pine.LNX.4.56.0307070154350.11005@zen.canint.timetraveller.org> <20030707065106.GY930@plato.local.lan> |
| Sender: | linux-xfs-bounce@xxxxxxxxxxx |
On Sun, 6 Jul 2003, Ethan Benson wrote: > your example doesn't really does not demonstrate any security hole > anyway since you owned the file you could just as well run chmod 555 > testfile and then executed it. even with irix behavior you cannot > chown a file you don't already own in the first place. Yes, you're right. I should have demonstrated it with changing gid not uid. This is equally doable and does show a security hole. It was late when I wrote that and I failed to see the obvious error in using uid. > typically its not allowed when quotas are in use, im not sure whether > the irix behavior keeps to that or not. Linux quite happily set restrict_chown=0 on my quota enabled xfs filesystem. It would definately be worth having a sanity check about enabling both options at once. Rob -- Robert Brockway B.Sc. email: robert@xxxxxxxxxxxxxxxxx ICQ: 104781119 Linux counter project ID #16440 (http://counter.li.org) "The earth is but one country and mankind its citizens" -Baha'u'llah |
| Previous by Date: | Re: [bug report]: chown(2) implementation in xfs is broken, Eric Sandeen |
|---|---|
| Next by Date: | [Bug 258] Kernel (smp) lockup: ioctl(XFS_IOC_RESVSP); truncate() on fs with unwritten=1, bugzilla-daemon |
| Previous by Thread: | Re: [bug report]: chown(2) implementation in xfs is broken, Ethan Benson |
| Next by Thread: | Re: [bug report]: chown(2) implementation in xfs is broken, Ethan Benson |
| Indexes: | [Date] [Thread] [Top] [All Lists] |