Re: SUIDDIR problem
SUIDDIR will work for any user EXCEPT ROOT I did this because I felt it was a security hole to allow users to create files owned by root. (from memory it will also refuse to do files that have the execute bit set but I can't remember for sure) In a mildly drunken state, I respond. :) Without looking, I'd imagine that if the chmod command of FTP will allow you to do a "chmod 4755 file-I-just-uploaded" -- if you have the ability to execute programs on the machine you uploaded to, this could be a major problem. Hence, I'd agree with your decision. --mike To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: SUIDDIR problem
On Sat, 16 Oct 1999, Mike Nowlin wrote: SUIDDIR will work for any user EXCEPT ROOT I did this because I felt it was a security hole to allow users to create files owned by root. (from memory it will also refuse to do files that have the execute bit set but I can't remember for sure) In a mildly drunken state, I respond. :) Without looking, I'd imagine that if the chmod command of FTP will allow you to do a "chmod 4755 file-I-just-uploaded" -- if you have the ability to execute programs on the machine you uploaded to, this could be a major problem. Hence, I'd agree with your decision. Since the ftp daemon will create files without the x bits set, they will succeeed, and will immediatly be owned by the owner of the directory. The sender no-longer owns them and cannot set mode bits, whether or not the ftp daemon would allow it to. --mike To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
SUIDDIR problem
[Maybe this is -questions/-stable material, I'm not sure. Please flame appropriately.] On a very recent -stable system: I have a directory, say /ftp/foocust/in. This directory - resides in a filesystem mounted on /ftp with the suiddir option (with SUIDDIR in the kernel). - is owned by uid root,group ftp - has mode u=rws,g=rwx,o= A user foo, group ftp, puts a file there using ftp (I'm running the stock FreeBSD ftpd). I would expect this file to subsequently become owned by root instead of foo, but nevertheless the file stays owned by foo. What am I doing wrong? Thanks, -- Jos Backus _/ _/_/_/ "Reliability means never _/ _/ _/ having to say you're sorry." _/ _/_/_/ -- D. J. Bernstein _/ _/ _/_/ [EMAIL PROTECTED] _/_/ _/_/_/ use Std::Disclaimer; To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: SUIDDIR problem
SUIDDIR will work for any user EXCEPT ROOT I did this because I felt it was a security hole to allow users to create files owned by root. (from memory it will also refuse to do files that have the execute bit set but I can't remember for sure) We use it all the time on our PC fileservers so that DOS users always own the files in their dropbox directories but they can give each other files (e.g. documents). On Fri, 15 Oct 1999, Jos Backus wrote: [Maybe this is -questions/-stable material, I'm not sure. Please flame appropriately.] On a very recent -stable system: I have a directory, say /ftp/foocust/in. This directory - resides in a filesystem mounted on /ftp with the suiddir option (with SUIDDIR in the kernel). - is owned by uid root,group ftp - has mode u=rws,g=rwx,o= A user foo, group ftp, puts a file there using ftp (I'm running the stock FreeBSD ftpd). I would expect this file to subsequently become owned by root instead of foo, but nevertheless the file stays owned by foo. What am I doing wrong? Nothing, they just can't be owned by root. Thanks, -- Jos Backus _/ _/_/_/ "Reliability means never _/ _/ _/ having to say you're sorry." _/ _/_/_/ -- D. J. Bernstein _/ _/ _/_/ [EMAIL PROTECTED] _/_/ _/_/_/ use Std::Disclaimer; To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: SUIDDIR problem
On Fri, Oct 15, 1999 at 10:29:04AM -0700, Julian Elischer wrote: SUIDDIR will work for any user EXCEPT ROOT Ahh I see, a big thanks to you Julian! OK, I'll use a different userid, say, bar (and make the directory sticky so foo cannot remove the file it just created - it will be owned by bar). Cheers, -- Jos Backus _/ _/_/_/ "Reliability means never _/ _/ _/ having to say you're sorry." _/ _/_/_/ -- D. J. Bernstein _/ _/ _/_/ [EMAIL PROTECTED] _/_/ _/_/_/ use Std::Disclaimer; To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message