[plug] chown as a user?

[Petter Reinholdtsen]

[Beau Kuiper]
> Not only that, you can steal email from other users (set a .forward
> in their name in their home directory),

Only if you have write access to their home directory - which in
itself is a very bad idea.

> run programs as other users (chown a setuid program to another user,
> and then run it),

Not with a proper kernel.  It should clear all suid flag if you change
the user of the program.

> and lots of other nasty things.

Tell me more.  I do not think the two examples show any problem with
chown.  The only problem I know of is DOS attack on a filesystem with
quotas.  Please let me know if there are others.

> Basicly, it is something you DONT wan't to do

Actually, often it is.
-- 
##>  Petter Reinholdtsen <##    | pere at td.org.uit.no
 O-  <SCRIPT Language="Javascript">window.close()</SCRIPT>
http://www.hungry.com/~pere/    | Go Mozilla, go! Go!