[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Feature Request: disallow world-writable files in chmod
From: |
Pádraig Brady |
Subject: |
Re: Feature Request: disallow world-writable files in chmod |
Date: |
Thu, 27 Jun 2013 12:19:47 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2 |
On 06/27/2013 02:09 AM, Ben Lentz wrote:
> I suspect I may get laughed off the list... but would you folks ever
> consider restricting the use of chmod such that world-writable files
> are reserved for 1) /tmp-style permissions (1777) or 2) reserved for
> root-only users? Despite training (berating?) users, it seems the
> default reaction to "oh no, I am having a permission problem" is an
> knee-jerk execution of "chmod -R 777 *" in order to make the 'problem'
> go away... however all it's really done is *move* the problem...
>
> I realize this may break things - a lot of things - stuff I'm not
> considering - of course you could always wrap in a set of ifdef tags
> and make it non-default?
>
> *** src/chmod.c Wed Jun 26 16:16:28 2013
> --- src/chmod.c Wed Jun 26 17:57:17 2013
> ***************
> *** 244,249 ****
> --- 244,258 ----
> new_mode = mode_adjust (old_mode, S_ISDIR (old_mode) != 0,
> umask_value,
> change, NULL);
>
> + if ((new_mode & S_IWOTH) && !(new_mode & S_ISVTX) && (getuid() != 0))
> + {
> + error (0, 0, _("world-writable permissions have been
> restricted by your system administrator"));
> + ok = false;
> + }
> + }
> +
> + if (ok)
> + {
> if (! S_ISLNK (old_mode))
> {
> if (chmodat (fts->fts_cwd_fd, file, new_mode) == 0)
Yes o+w is an unusual permission as evidenced by:
sudo find /etc -type f -perm /o+w
If users are willing to use such a hammer on their permissions though,
it's a small step to clearing their umask etc. to get o+w by default,
or using other tools to o+w files.
Also o+w might be used for something specific by certain file systems.
So it would have to be an option, but then if an option,
the users can just avoid the check again if they want.
So I'm thinking such a patch could only be applied locally,
according to your systems and policies.
thanks,
Pádraig.