Re: again security proposal

Alexander V. Lukyanov (lav@video.yars.free.net)
Tue, 30 Dec 1997 10:42:22 +0300 (MSK)


> As somebody already mentioned:
>
> find / -uid [olduid] | xargs chown [newuid]
>
> is the Right Thing to do here. Think about it.

This is _almost_ the Right Thing. The following is more correct:

find / -uid [olduid] ! -type l -print0 | xargs -0r chown [newuid]

but think about it, there is a race condition here. What if the user
has a process running which flips a usual file and a symlink to
/etc/passwd? The option -h of chown forces it not to follow symlinks,
but unfortunately it is not supported on Linux (it is on Solaris).
Maybe it is time to add an lchown system call if it is not added already.

Alexander.
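The no-follow ownership change asked for above, as an added example that is not part of the original message: a tree walk that re-owns each entry with lchown semantics, relative to an open directory descriptor, so a symlink is changed itself and never followed. It assumes Python 3 on a POSIX system; `reown` and `build_sample_tree` are hypothetical names, and the sample tree is constructed.

```python
import os

def reown(top, old_uid, new_uid):
    """Give every entry under `top` owned by old_uid to new_uid.

    Returns the sorted relative paths that were changed.
    """
    changed = []
    # os.fwalk does not descend through symlinked directories by default and
    # yields an open fd for each directory, so names are resolved relative to
    # the directory actually visited, not re-walked from "/".
    for dirpath, dirnames, filenames, dirfd in os.fwalk(top):
        for name in dirnames + filenames:
            try:
                st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
                if st.st_uid != old_uid:
                    continue
                # fchownat(dirfd, name, ..., AT_SYMLINK_NOFOLLOW): lchown semantics.
                # The lstat and the chown are still two calls; what this removes
                # is the symlink-following step.
                os.chown(name, new_uid, -1, dir_fd=dirfd, follow_symlinks=False)
            except FileNotFoundError:
                continue  # entry vanished between listing and the call
            changed.append(os.path.relpath(os.path.join(dirpath, name), top))
    return sorted(changed)

def build_sample_tree(base):
    """Constructed sample: a file, a subdirectory and two symlinks pointing outside."""
    outside = os.path.join(base, "outside")
    top = os.path.join(base, "tree")
    os.makedirs(outside)
    os.makedirs(os.path.join(top, "sub"))
    for p in (os.path.join(outside, "target"),
              os.path.join(top, "file"),
              os.path.join(top, "sub", "inner")):
        open(p, "w").close()
    os.symlink(os.path.join(outside, "target"), os.path.join(top, "link"))
    os.symlink(outside, os.path.join(top, "dirlink"))
    return top

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        uid = os.getuid()  # chown to our own uid so the demo needs no privileges
        print(reown(build_sample_tree(base), uid, uid))
```

Nothing under `dirlink` is reported, because the walk does not descend through the symlinked directory.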