On Sat, 2007-09-15 at 01:43 +1000, Greg Banks wrote: > On Fri, Sep 14, 2007 at 10:58:38AM -0400, Jeff Layton wrote: > > If Irix isn't clearing these bits > > on a write then it might be good to see if they can fix that... > > I think first you'd have to mount a serious argument that it's broken, > more serious than "it works differently from Linux".
How about: "If IRIX isn't clearing these bits then they're leaving their customers wide open to all sorts of security issues." Unless you make the chmod/chgrp atomic with the write, then there will always be a way for a client to inject data while the setuid/setgid bits are set: basically, it allows said client to rewrite a setuid/setgid executable. We're not fixing this in the client because it isn't fixable on the client. Trond ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ eCryptfs-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel
