makedir ownership question

Jay R. Ashworth jra at baylink.com
Mon Oct 31 11:37:56 PST 2005


On Mon, Oct 31, 2005 at 01:03:14PM -0500, Fairlight wrote:
> Question here...  Why does 'makedir' from fP need to be suid root?  To my
> knowledge, the only time it's used is when you create a new database
> directory via ddefine.  Since the heirarchy for $PFDIR should all be owned
> by 'filepro' since installation, why is suid filepro not sufficient?  Is it
> actually used for anything else at any other time?
> 
> Don't ask me why I just thought of this -right now-.  I've no idea.  It
> just kinda "popped in there" and I thought it was odd that it would need
> higher privs than any other fP module.
> 
> Humour someone that likes as few suid root programs on systems he works
> on as possible.  Actually, that's most knowledgeable admins--my ISP has
> their list down to only ping and traceroute on the public shell server.
> But I find this question especially important in light of the exploit that
> existed in makedir until a few years back.  Who knows what else is lurking
> in there?  Even if it's pristine now, one still wants as few suid root
> binaries as possible.

ISTR that some kernels require that root make directories, though I
couldn't tell you why I think that.  Especially since my /bin/mkdir
isn't SUID root.

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

	"NPR has a lot in common with Nascar... we both turn to the left."
		- Peter Sagal, on Wait Wait, Don't Tell Me!


More information about the Filepro-list mailing list