bug-coreutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug#393283: RFC: change chown *not* to look up numeric user/group na

From: Michael Stone
Subject: Re: Bug#393283: RFC: change chown *not* to look up numeric user/group names
Date: Thu, 19 Oct 2006 09:53:28 -0400
User-agent: Mutt/1.5.13 (2006-08-11) 
On Thu, Oct 19, 2006 at 11:29:23AM +0200, Jim Meyering wrote:

My motivation for making this change is mainly security.
The paranoid user of chown (usually root) should not have to imagine
that a numeric user name argument like "1000" might be interpreted as
a name and mapped to "0".

Can anyone present a case for *not* making this change?
I don't particularly care either way. I think that calling it a security concern is overstating it; if someone can create a user with uid 0 you've got bigger problems than whether they can use that ability to fool root. (Similarly if your root user simply doesn't understand the system they're working on.)
I guess it's a case of "numeric usernames are stupid" vs "will it break something". I don't see much reason *not* to be posix compliant in this case, though. 

Mike Stone
reply via email to
[Prev in Thread] Current Thread [Next in Thread]