bug-gzip

Re: Minor security issue in copying permission bits


From: Paul Eggert
Subject: Re: Minor security issue in copying permission bits
Date: Thu, 08 Nov 2007 00:57:38 -0800
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)

Lasse Collin <address@hidden> writes:

> Now the users in the "restrict" group will have access to foo.gz 
> although they didn't have access to the original foo file.

First, the same problem applies to user permissions too, no?
For example, if the original file is mode 066, the
compressed copy will be writeable to the original user
even though the original user doesn't own the copy and
couldn't write the original file.

Second, we don't need weird permissions to illustrate the problem of
"unexpected" permissions-granting.  We can just have a file that's
mode 660.  The copy will be in a different group, so users in that
group will be able to access the file even though they couldn't access
it before.

> -    fchown (ofd, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
> +    (void) fchown (ofd, ifstat->st_uid, -1);
> +    r = fchown (ofd, -1, ifstat->st_gid);
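Review bot: the first `fchown` call discards its result with `(void)`, so a failed owner copy goes unnoticed while only the group call's result is kept in `r`. The reply's mode 066 example is exactly the case where the owner is not copied, so consider capturing both results (for example a second variable for the uid call) and making the later mode decision depend on each. The quoted lines also do not show how `r` is used; a short comment on each call saying what happens on failure would replace the removed "Copy ownership" comment.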

I dunno, this sort of change gives me the willies, and the rest of the
code that's added to work around the glitches doesn't dispel the
willies.

This same problem must afflict almost every program that invokes
chown() or fchown().  It's not reasonable to make this change to all
applications.  What we can do is tell users "don't use weird
permissions like that, unless you really know what you're doing, and
you probably don't".
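
The two cases in this message (mode 066 when the owner cannot be copied, mode 660 when the group cannot be copied) can be written as a rule for which bits a copy may keep. The C function below is an added illustration, not code from gzip or from the patch under discussion; `conservative_copy_mode` and its parameters are hypothetical, and it assumes the caller knows whether the owner and the group were each copied.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical helper, not gzip code.  Returns permission bits for a copy
   such that no class of user gains access it lacked on the original.
   uid_copied / gid_copied: nonzero if the copy has the original's
   owner / group.  Set-id and sticky bits are dropped. */
mode_t
conservative_copy_mode (mode_t src_mode, int uid_copied, int gid_copied)
{
  mode_t u = (src_mode >> 6) & 7;   /* owner class bits */
  mode_t g = (src_mode >> 3) & 7;   /* group class bits */
  mode_t o = src_mode & 7;          /* other class bits */

  if (!gid_copied)
    {
      /* Members of the original group may now be classed as "other", and
         members of the copy's group were "other" before, so both classes
         keep only the bits that both had on the original. */
      g = o = g & o;
    }
  if (!uid_copied)
    {
      /* The original owner is now classed as group or other, so those
         classes must not exceed the original owner bits. */
      g &= u;
      o &= u;
    }
  return (u << 6) | (g << 3) | o;
}

int
main (void)
{
  /* Constructed cases: the 066 and 660 examples from the message. */
  printf ("066, owner not copied: %03o\n",
          (unsigned) conservative_copy_mode (0066, 0, 1));
  printf ("660, group not copied: %03o\n",
          (unsigned) conservative_copy_mode (0660, 1, 0));
  printf ("644, both copied:      %03o\n",
          (unsigned) conservative_copy_mode (0644, 1, 1));
  return 0;
}
```

The owner bits are left alone because whoever owns the copy can change its mode anyway.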



