Re: chown and security

Andi Kleen (ak@muc.de)
08 Feb 1998 08:18:21 +0100


Andries.Brouwer@cwi.nl writes:

> Updating the man pages for system calls, I noticed
> that we have an lchown these days. Hopefully everybody
> is aware of the fact that every old chown(1) is now a
> security risk on every recent Linux system.
> ["chown -R foo /home/bar" will now change the ownership
> of /etc/passwd if there was a symbolic link to that
> under /home/bar.]

This is very bad. Perhaps the behaviour should be made a sysctl
option, with the default to the old chown semantics.

Linus, would you accept a patch for that?

-Andi