[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Feature Request: disallow world-writable files in chmod
From: |
Joseph D. Wagner |
Subject: |
Re: Feature Request: disallow world-writable files in chmod |
Date: |
Thu, 27 Jun 2013 13:31:19 -0700 |
User-agent: |
Roundcube Webmail/0.8.6 |
On 06/27/2013 1:03 pm, Ben Lentz wrote:
And the kernel devs would never allow it. You may still want to patch
your local systems, either chmod or the kernel. However, this will
not
be accepted upstream.
My suggestion was merely meant to insight thought in the user
attempting to set files world-writable, perhaps triggering a
discussion with their system administrator about proper usage of
I certainly don't aim to remove S_WOTH from the kernel; I certainly
don't think chmod providing some resistance or objection to being used
to set this bit would be a bad thing.
Maybe the world isn't ready yet. Oh well, thanks anyway I guess.
Sorry, I wasn't trying to be dismissive. I was trying to point you
to a better direction to take this discussion. To the contrary, I
think your idea has some merits in certain use-cases, especially on
locked-down systems.
If I could waive a magic wand and implement this any way I wanted,
I would create it as a optional (bool) selinux policy which prevents
members of users_u from adding o+w. The advantages of doing it this
way:
1. Truly secure. Can't be bypassed by another program.
2. You would have fine-grained control of who's locked out by
managing their groups -- users_u, staff_u, root_u, or
unconfined_u.
3. You wouldn't need to be root in order to do it. You could be
a non-root member of staff_u.
However, I don't know if the kernel has selinux checks at that
particular point in the codepath to support such a policy. Perhaps
the selinux guys would already know the answer to this.
Joseph D. Wagner