On Thu, Oct 19, 2006 at 11:29:23AM +0200, Jim Meyering wrote:
My motivation for making this change is mainly security.
The paranoid user of chown (usually root) should not have to imagine
that a numeric user name argument like "1000" might be interpreted as
a name and mapped to "0".
Can anyone present a case for *not* making this change?
I don't particularly care either way. I think that calling it a security
concern is overstating it; if someone can create a user with uid 0
you've got bigger problems than whether they can use that ability to
fool root. (Similarly if your root user simply doesn't understand the
system they're working on.)
I guess it's a case of "numeric usernames are stupid" vs "will it break
something". I don't see much reason *not* to be posix compliant in this
case, though.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
