There was a long thread on this earlier in the group.
I was shocked at the behavior (HP-UX, for one, doesn't have it, and I'm
pretty damned sure that the first Unix I used [BSD 2.1 as I recall]
didn't), but apparently Linux has always worked this way.
(PS: There are other, less drastic, ways to plug the security
vulnerability with SUID root files; HP-UX plugs it by always turning off
the SUID bit when a chown is executed. Seems reasonable to me. It does
seem likely, however, that you can run somebody else out of disk quota
by giving him files over & over, so I gues there's argument to made for
the Linux approach.)
Charles Curley wrote:
>
> On Fri, Aug 04, 2000 at 12:14:09PM -0700, Anton Graham wrote:
> > Submitted 04-Aug-00 by Charles Curley:
> > > OK, how do I give away a file?
> >
> > Only root can do this. The reasoning is as follows: I compile my own copy
> > of a program, chmod 4555, and then give it to root. Now I have an
> > unaccounted for suid process that can do anything it wants to.
> >
> > For the same reasons, you can only give files to groups of which you are a
> > member.
>
> They are members of the same group, although in neither case is it the
> default group.
>
> cgi:x:98:nobody,ccurley
>
> --
>
> -- C^2
>
> No windows were crashed in the making of this email.
>
> Looking for fine software and/or web pages?
> http://w3.trib.com/~ccurley
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
--
"Brian, the man from babble-on" [EMAIL PROTECTED]
Brian T. Schellenberger http://www.babbleon.org
Support http://www.eff.org. Support decss defendents.
Support http://www.programming-freedom.org. Boycott amazon.com.
