Re: Feature Request: disallow world-writable files in chmod
On Thu, Jul 4, 2013 at 8:12 AM, Jaroslav Rakhmatoullin wrote: > If a user wants to (makes the mistake of) let others delete their files, > it's not "your job" to teach them otherwise. Compare to "real life"; someone > leaves a bike on the street unlocked and someone else steals it. Does it > make sense to file a complaint to the police department about not educating > people of this danger? Now, if the user has an elevated role on your system I agree, although (where I work) the sysadmin staff is held responsible for file system permission audits and penetration test results. A bit unfair as we have users on our systems that cause the findings... I don't have any FAT32 in my environment and past experience (shell histories) has shown that users are, in fact, doing this to themselves. An ounce of prevention is worth a pound of cure, and I think we may be able to agree that 777ing a whole mess of files is generally not a necessary thing to do - so if I can help stop a user from "incorrectly" setting permissions by giving them a warning message, that may help reduce the number of wide-open files I have on my systems. This reduces the security exposure I have as well. While I do agree with restricting something like this at the kernel level (SELinux or whatnot), I guess I was hoping for something a little more portable (operating system agnostic) and perhaps a little less drastic. Like I said, never mind... throw me on the pile of rejected feature requests :-)
Re: Feature Request: disallow world-writable files in chmod
> And the kernel devs would never allow it. You may still want to patch > your local systems, either chmod or the kernel. However, this will > not be accepted upstream. Although it might not be apparent, do I understand this. It would be trivial to write a perl program to replace chmod and permit setting whatever permissions you wanted. However, I would guess that, in a practical sense, users who are running around 'solving' permission issues with chmod 777 probably aren't savvy enough to rewrite chmod in another language. My suggestion was merely meant to insight thought in the user attempting to set files world-writable, perhaps triggering a discussion with their system administrator about proper usage of groups, sudo, etc. I'd sleep easier at night knowing novices were running around using 775 instead of 777 by default if they didn't know better. I certainly don't aim to remove S_WOTH from the kernel; I certainly don't think chmod providing some resistance or objection to being used to set this bit would be a bad thing. Maybe the world isn't ready yet. Oh well, thanks anyway I guess.
Feature Request: disallow world-writable files in chmod
I suspect I may get laughed off the list... but would you folks ever
consider restricting the use of chmod such that world-writable files
are reserved for 1) /tmp-style permissions (1777) or 2) reserved for
root-only users? Despite training (berating?) users, it seems the
default reaction to "oh no, I am having a permission problem" is an
knee-jerk execution of "chmod -R 777 *" in order to make the 'problem'
go away... however all it's really done is *move* the problem...
I realize this may break things - a lot of things - stuff I'm not
considering - of course you could always wrap in a set of ifdef tags
and make it non-default?
*** src/chmod.c Wed Jun 26 16:16:28 2013
--- src/chmod.c Wed Jun 26 17:57:17 2013
***
*** 244,249
--- 244,258
new_mode = mode_adjust (old_mode, S_ISDIR (old_mode) != 0, umask_value,
change, NULL);
+ if ((new_mode & S_IWOTH) && !(new_mode & S_ISVTX) && (getuid() != 0))
+ {
+ error (0, 0, _("world-writable permissions have been
restricted by your system administrator"));
+ ok = false;
+ }
+ }
+
+ if (ok)
+ {
if (! S_ISLNK (old_mode))
{
if (chmodat (fts->fts_cwd_fd, file, new_mode) == 0)
