Feature Request: disallow world-writable files in chmod
From: Ben Lentz
Subject: Feature Request: disallow world-writable files in chmod
Date: Wed, 26 Jun 2013 21:09:37 -0400

I suspect I may get laughed off the list... but would you folks ever
consider restricting the use of chmod such that world-writable files
are reserved for 1) /tmp-style permissions (1777) or 2) reserved for
root-only users? Despite training (berating?) users, it seems the
default reaction to "oh no, I am having a permission problem" is a
knee-jerk execution of "chmod -R 777 *" in order to make the 'problem'
go away... however all it's really done is *move* the problem...
I realize this may break things - a lot of things - stuff I'm not
considering - of course you could always wrap in a set of ifdef tags
and make it non-default?
*** src/chmod.c Wed Jun 26 16:16:28 2013
--- src/chmod.c Wed Jun 26 17:57:17 2013
***************
*** 244,249 ****
--- 244,258 ----
new_mode = mode_adjust (old_mode, S_ISDIR (old_mode) != 0, umask_value,
change, NULL);
+ if ((new_mode & S_IWOTH) && !(new_mode & S_ISVTX) && (getuid() != 0))
+ {
+ error (0, 0, _("world-writable permissions have been
restricted by your system administrator"));
+ ok = false;
+ }
+ }
+
+ if (ok)
+ {
if (! S_ISLNK (old_mode))
{
if (chmodat (fts->fts_cwd_fd, file, new_mode) == 0)
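Review bot: the sticky-bit exemption in the added condition, `!(new_mode & S_ISVTX)`, is not restricted to directories, so the /tmp-style exception also applies to any regular file whose requested mode includes the sticky bit; consider requiring `S_ISDIR (old_mode)` alongside it, as the `mode_adjust` call directly above already tests. The check also runs before the `! S_ISLNK (old_mode)` test, so it would report an error and set `ok = false` for a symbolic link whose computed mode has `S_IWOTH`, even though the `chmodat` call sits inside that `! S_ISLNK` branch; moving the check inside the branch avoids that. Comparing against `old_mode` would let changes that do not newly add `S_IWOTH` proceed on files that are already world-writable. `getuid()` tests the real user ID, so a comment should say whether that or the effective ID is intended. The `error` string is wrapped across two lines as posted and needs rejoining, and the ifdef guard mentioned in the message is not in the patch.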