In article <200205201928.OAA13328@tomcat.admin.navo.hpc.mil>,
Jesse Pollard <email@example.com> wrote:
>And ANY user can put files into YOUR directory. Even files you don't want
>there. AND you can't tell who did it.
A setuid bit on a directory doesn't mean it suddenly has
rwxrwxrwx permissions. You still need permission to create the
file as usual. Try playing with a setgid directory one day.
It behaves the same.
>> Only the owner of the directories can set this flag. There is nothing to
>Ah - so I can put files into your directory, and suddenly they are owned
>by you. Remember that the next time you are convicted of piracy with criminal
>data in your directory.... (DMCA remember - and saying "Those files are not
>mine" just doesn't cut it, when obviously they have your uid on them; the
>best you would work them down to is "contributing to piracy").
It would be stupid to have a setuid directory world writable. You'd
probably make it group writable. Then only people in that group have
access to create files, so the files aren't anonymous - they were
created by someone in that group.
>Also remember what happens when a hard link is created in the directory...
>The file changes ownership.
Adding an extra directory entry for a file doesn't change
the inode (well, the link count is bumped up by one) in any way.
-- "Insanity -- a perfectly rational adjustment to an insane world." - R.D. Lang
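Added example, not part of the original message: a small C check of the hard-link point above, using a setgid directory as the reply suggests. The scratch path and the names `link_check` and `check_hardlink_into_setgid_dir` are hypothetical; it creates a file, links it into a setgid directory, and compares the inode metadata before and after.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Outcome of linking an existing file into a setgid directory. */
struct link_check {
    int ok;          /* 1 if every syscall we depend on succeeded */
    int same_inode;  /* both names resolve to the same device/inode */
    int owner_kept;  /* uid, gid and mode unchanged by link() */
    long nlink_before, nlink_after;
    int dir_setgid;  /* whether the setgid bit stuck on the directory */
};

struct link_check check_hardlink_into_setgid_dir(void)
{
    struct link_check r = {0};
    char base[] = "/tmp/sgid-demo-XXXXXX";  /* constructed scratch location */
    char file[64], dir[64], name2[96];
    struct stat before, after, via, d;

    if (!mkdtemp(base)) return r;
    snprintf(file, sizeof file, "%s/original", base);
    snprintf(dir, sizeof dir, "%s/shared", base);
    snprintf(name2, sizeof name2, "%s/second-name", dir);

    int fd = open(file, O_CREAT | O_WRONLY | O_EXCL, 0640);
    if (fd >= 0 && mkdir(dir, 0770) == 0) {
        chmod(dir, 02770);  /* kernel may drop the bit if we lack the group */
        if (fstat(fd, &before) == 0 && link(file, name2) == 0 &&
            stat(file, &after) == 0 && stat(name2, &via) == 0 &&
            stat(dir, &d) == 0) {
            r.ok = 1;
            r.same_inode = after.st_ino == via.st_ino && after.st_dev == via.st_dev;
            r.owner_kept = before.st_uid == via.st_uid &&
                           before.st_gid == via.st_gid &&
                           before.st_mode == via.st_mode;
            r.nlink_before = (long)before.st_nlink;
            r.nlink_after = (long)after.st_nlink;
            r.dir_setgid = (d.st_mode & S_ISGID) != 0;
        }
    }
    if (fd >= 0) close(fd);
    unlink(name2); rmdir(dir); unlink(file); rmdir(base);  /* best-effort cleanup */
    return r;
}
```

Because a hard link is only a second directory entry for the same inode, an audit that attributes a file by the directory it appears in should compare `st_dev`/`st_ino` and `st_nlink` rather than rely on the path alone.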
This archive was generated by hypermail 2b29 : Thu May 23 2002 - 22:00:20 EST