- Submitted-by: toon@moene.indiv.nluug.nl (Toon Moene)
-
- Lectori Salutem,
-
- Recently, I had a short discussion with the support staff of ECMWF's Cray
- Y-MP/8 about the use of chown and chmod u+s on the (new) UNICOS 7.0.
- An excerpt follows:
-
- ------------------------------------------------------------------------
-
- Under UNICOS the setting of the SETUID bit on a binary file is
- by default restricted to ROOT. This is in accordance with the
- recommendations being submitted to POSIX. Cray, and other manufacturers,
- are modifying their systems to be POSIX-compliant and this, together with
- the removal of the 'chown' permission for "normal" users is probably the
- most obvious consequence to users. We allow "normal" users to change
- ownership of their files (though this may not be possible in the future),
- but not to SETUID their files, since, in the future, neither of these may
- be possible.
-
- ------------------------------------------------------------------------
-
- Short question: Why is it considered a security risk when people give away
- their own files (by chown'ing them to someone else) or setuid 'user' their
- own executables (OK, they have to be careful here)?
-
- --
- Toon Moene (toon@moene.indiv.nluug.nl)
- Kantershof 269, 1104 GN Amsterdam, The Netherlands
- Tel.: + 31 20 6982029; Fax: + 31 20 6003411
- No Disclaimers; a NeXT at home protects against this occupational hazard.
-
-
- Volume-Number: Volume 28, Number 70
-
-