Re: again security proposal

Yuri Kuzmenko (yuri@cs.cracksoft.kiev.ua)
Mon, 29 Dec 1997 21:04:56 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Yuri Kuzmenko: "Re: hardlinks.... sucks... ;-("
Previous message: Yuri Kuzmenko: "Re: again security proposal"

Ok, I tell the real things: I have the ifmail fidonet package on my system. And
I have uucp group, where enter several users that can operate with modem lines,
fidonet inbound/outbound, etc. And for compatibility with ifcico (fidonet
mailer, it's run from fido.uucp suid+sgid) I run chown fido.uucp -R
/var/spool/ifmail (+ chmod g+rw) every 10 minutes from cron. Yes, I know, that
is not better solution. But there is it. And there is it for some month ago.
Unfortunately *now* I have _one_ partition for /var and /. There is lame, I
know. It's will be fixed. BUT: without my patch, *ANY* user can crack my system
NOW. I think, this patch is only one solution for me *now*. About compatibility
with standards: 1) users _not_ needs the hardlinks IMHO (with patch users *can*
user hardlinks for their files 2) disabling of hardlinks maybe, NOT, MUST be a
configurable option, and we need to make subsection in kernel config for
security "features"

In article <Pine.LNX.3.96.971229191758.27813C-100000@vci.vistacom.fi> you wrote:
>On Mon, 29 Dec 1997, Yuri Kuzmenko wrote:

>> No... See my message. chown must be run from root. This is "standard"
>> operation (changing user uid, etc).

>Well, if changing the user id is a "standard" operation (which
>it should not be, if you do some planning), the correct way to
>change ownership of the user's files is the following:

>find / -uid 123 -exec chown user {} \; # Old user id = 123

>This should be obvious if you think of the semantics of the
>UNIX file system.

>--
>Johan Myreen
>jem@iki.fi

Next message: Yuri Kuzmenko: "Re: hardlinks.... sucks... ;-("
Previous message: Yuri Kuzmenko: "Re: again security proposal"