[plug] chown as a user?
The Thought Assassin
assassin at live.wasp.net.au
Sat Jun 17 15:09:26 WST 2000
On Sat, 17 Jun 2000, Beau Kuiper wrote:
> On Sat, 17 Jun 2000, The Thought Assassin wrote:
> > On Sat, 17 Jun 2000, Trevor Phillips wrote:
> > > I need to be able to let a user change files owned by them, to be owned by
> > > someone else.
> > The ability to do this would result in serious Denial-of-Service attacks
> Not only that, you can steal email from other users (set a .forward in their
> name in their home directory),
No. You can't create a file in someone else's home directory.
> run programs as other users (chown a setuid
> program to another user, and then run it), and lots of other nasty things.
No. Chown would remove the setuid bit if that were the case.
> Basicly, it is something you DONT wan't to do
Yes.
-Greg Mildenhall
More information about the plug
mailing list