Re: File create permissions, what am I missing?

[Greg Black]

On 2005-08-14, João Carlos Mendes Luís wrote:
> Greg Black wrote:
>> On 2005-08-13, Jo�o Carlos Mendes Lu�s wrote:
>>> Brooks Davis wrote:
>>> 
 On BSD systems, the group of a file is always the group of the directory
 it is in.  This differs from SysV UNIX.  The resident grey-beard at work
 feels this is a new and annoying behavior. (i.e. it wasn't always this
 way. :)
>>> 
>>> So this is expected behavior?  Isn't this someway insecure?
>> 
>> It is documented behaviour (see open(2) for details).  How is it
>> insecure?
> 
> I don't know how it could be unsecure.

So why suggest that it is?  If you find something that is
actually insecure, by all means bring it to people's attention;
but don't just randomly speculate without any evidence.  The
mere fact that it's unfamiliar to you or somehow different from
your normal expectations is not in itself sufficient reason to
proclaim that there's a problem.

> Is there any specifc reason for it to be
> different on SYSV and Linux?  Or is it just a different choice?

It's a different (and IMO better) choice.  And if you care about
the reasons, by all means track down the different histories
that led to the choices that were made.  But that's not really a
topic to flog to death here.

> I could not find any vulnerability, but I do not like the idea that a user 
> could
> create files belonging to a group himself does not belong.

He can only do this if he has write permission in the directory
in question and of course he also has write permission to the
file.  The fact that it might belong to a group he is not a
member of is irrelevant to security.

As has been pointed out, there are some useful things that you
can do with this feature and, as always with these things, it's
important to understand how things work before setting out to
use them.

And, while I'm at it, I'd point out that these questions are
better put on the questions list, as they are not really in the
domain of this list.

Greg
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File create permissions, what am I missing?

[Stijn Hoop]

On Sun, Aug 14, 2005 at 03:01:52AM -0300, João Carlos Mendes Luís wrote:
> I could not find any vulnerability, but I do not like the idea that a
> user could create files belonging to a group himself does not belong.

It can come in handy sometimes. I have apache setup in a specific
group.  The document root on which it operates is owned by a user that
owns that website. The group owner of that directory is set to the
apache group, and luckily the user does not need to be in that group.

This way a user can control availability of files on the web by simply
denying group access, without needing to belong to yet another group
just for the sake of being able to do just that.

--Stijn

-- 
"I'm not under the alkafluence of inkahol that some thinkle peep I am.  It's
just the drunker I sit here the longer I get."


pgpR6NL3YANNO.pgp
Description: PGP signature

Re: File create permissions, what am I missing?

[João Carlos Mendes Luís]

Greg Black wrote:
> On 2005-08-13, Jo�o Carlos Mendes Lu�s wrote:
> 
>>Brooks Davis wrote:
>>
>>>On BSD systems, the group of a file is always the group of the directory
>>>it is in.  This differs from SysV UNIX.  The resident grey-beard at work
>>>feels this is a new and annoying behavior. (i.e. it wasn't always this
>>>way. :)
>>
>>So this is expected behavior?  Isn't this someway insecure?
> 
> 
> It is documented behaviour (see open(2) for details).  How is it
> insecure?

I don't know how it could be unsecure.  Is there any specifc reason for it to be
different on SYSV and Linux?  Or is it just a different choice?

I could not find any vulnerability, but I do not like the idea that a user could
create files belonging to a group himself does not belong.  My first attempt was
to mark this file setgid, but the system denies it: It is my file, but I am not
in the file's group.  That would be too easy.   ;-)

Nevertheless, if somebody leaves a directory writeable by anoybody, he should
know what he's doing.  If I could just make /tmp not writeable...;-)

___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File create permissions, what am I missing?

[Greg Black]

On 2005-08-13, Jo?o Carlos Mendes Lu?s wrote:
> Brooks Davis wrote:
> > On BSD systems, the group of a file is always the group of the directory
> > it is in.  This differs from SysV UNIX.  The resident grey-beard at work
> > feels this is a new and annoying behavior. (i.e. it wasn't always this
> > way. :)
> 
> So this is expected behavior?  Isn't this someway insecure?

It is documented behaviour (see open(2) for details).  How is it
insecure?

Greg
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File create permissions, what am I missing?

[João Carlos Mendes Luís]

Brooks Davis wrote:
> On Fri, Aug 12, 2005 at 06:34:34PM -0300, João Carlos Mendes Luis wrote:
> 
>>In a directory with -rwxrwxrwx, any user can create files, but who should 
>>be the owner/group of this file?
>>
>>Long time ago in Unix history, the owner would be the user who created the 
>>file, and the group would be the users's primary group.
>>
>>Later, IIRC, if the directory group was one of the user's secondary groups, 
>>the file would also be from this group.
>>
>>A later modification defined that a setgid directory would effect in all 
>>files created belonging to the directory's user.
>>
>>Am I correct?
>>
>>But I have already tested 3 system, 2 with 5-stable and 1 with 4-stable, in 
>>which the created file inside a -rwxrwxrwx directory is created belonging 
>>to the directory's group, WITHOUT the setgid bit.  What did I miss?
> 
> 
> On BSD systems, the group of a file is always the group of the directory
> it is in.  This differs from SysV UNIX.  The resident grey-beard at work
> feels this is a new and annoying behavior. (i.e. it wasn't always this
> way. :)

So this is expected behavior?  Isn't this someway insecure?
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File create permissions, what am I missing?

[Dan Nelson]

In the last episode (Aug 12), Mike Meyer said:
> In <[EMAIL PROTECTED]>, Brooks Davis <[EMAIL PROTECTED]> typed:
> > On Fri, Aug 12, 2005 at 06:34:34PM -0300, Jo~ao Carlos Mendes Luis wrote:
> > > In a directory with -rwxrwxrwx, any user can create files, but
> > > who should be the owner/group of this file?
> > 
> > On BSD systems, the group of a file is always the group of the
> > directory it is in.  This differs from SysV UNIX.  The resident
> > grey-beard at work feels this is a new and annoying behavior. (i.e.
> > it wasn't always this way. :)
> 
> SysV lets you toggle that behavior on a per-directory basis. Turn the
> setgid bit on in the directory, and files created in it will be owned
> by the group that owns the directory.

Unfortunately, FreeBSD doesn't honor the "subdirectories created under
SGID subdirectories inherit the flag" rule, so you can't serve SysV
clients from FreeBSD NFS hosts without the permissions getting screwed
up (SysV clients expect the nfs server to set the bit).  Fix:

RCS file: /home/ncvs/src/sys/ufs/ufs/ufs_vnops.c,v
retrieving revision 1.271
diff -u -r1.271 ufs_vnops.c
--- ufs_vnops.c 9 Jun 2005 20:20:31 -   1.271
+++ ufs_vnops.c 14 Jun 2005 18:22:01 -
@@ -1336,6 +1336,8 @@
ip = VTOI(tvp);
ip->i_gid = dp->i_gid;
DIP_SET(ip, i_gid, dp->i_gid);
+   if (dp->i_mode & ISGID) 
+   dmode |= ISGID;
 #ifdef SUIDDIR
{
 #ifdef QUOTA

-- 
Dan Nelson
[EMAIL PROTECTED]
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File create permissions, what am I missing?

[Mike Meyer]

In <[EMAIL PROTECTED]>, Brooks Davis <[EMAIL PROTECTED]> typed:
> On Fri, Aug 12, 2005 at 06:34:34PM -0300, João Carlos Mendes Luis wrote:
> > In a directory with -rwxrwxrwx, any user can create files, but who should 
> > be the owner/group of this file?
> > 
> > Long time ago in Unix history, the owner would be the user who created the 
> > file, and the group would be the users's primary group.
> > 
> > Later, IIRC, if the directory group was one of the user's secondary groups, 
> > the file would also be from this group.
> > 
> > A later modification defined that a setgid directory would effect in all 
> > files created belonging to the directory's user.
> > 
> > Am I correct?
> > 
> > But I have already tested 3 system, 2 with 5-stable and 1 with 4-stable, in 
> > which the created file inside a -rwxrwxrwx directory is created belonging 
> > to the directory's group, WITHOUT the setgid bit.  What did I miss?
> 
> On BSD systems, the group of a file is always the group of the directory
> it is in.  This differs from SysV UNIX.  The resident grey-beard at work
> feels this is a new and annoying behavior. (i.e. it wasn't always this
> way. :)

SysV lets you toggle that behavior on a per-directory basis. Turn the
setgid bit on in the directory, and files created in it will be owned
by the group that owns the directory.

  http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: File create permissions, what am I missing?

[Brooks Davis]

On Fri, Aug 12, 2005 at 06:34:34PM -0300, João Carlos Mendes Luis wrote:
> In a directory with -rwxrwxrwx, any user can create files, but who should 
> be the owner/group of this file?
> 
> Long time ago in Unix history, the owner would be the user who created the 
> file, and the group would be the users's primary group.
> 
> Later, IIRC, if the directory group was one of the user's secondary groups, 
> the file would also be from this group.
> 
> A later modification defined that a setgid directory would effect in all 
> files created belonging to the directory's user.
> 
> Am I correct?
> 
> But I have already tested 3 system, 2 with 5-stable and 1 with 4-stable, in 
> which the created file inside a -rwxrwxrwx directory is created belonging 
> to the directory's group, WITHOUT the setgid bit.  What did I miss?

On BSD systems, the group of a file is always the group of the directory
it is in.  This differs from SysV UNIX.  The resident grey-beard at work
feels this is a new and annoying behavior. (i.e. it wasn't always this
way. :)

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4


pgproAfYHOSvF.pgp
Description: PGP signature

File create permissions, what am I missing?

[João Carlos Mendes Luis]

In a directory with -rwxrwxrwx, any user can create files, but who should be the 
owner/group of this file?


Long time ago in Unix history, the owner would be the user who created the file, 
and the group would be the users's primary group.


Later, IIRC, if the directory group was one of the user's secondary groups, the 
file would also be from this group.


A later modification defined that a setgid directory would effect in all files 
created belonging to the directory's user.


Am I correct?

But I have already tested 3 system, 2 with 5-stable and 1 with 4-stable, in 
which the created file inside a -rwxrwxrwx directory is created belonging to the 
directory's group, WITHOUT the setgid bit.  What did I miss?


___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"