makedir ownership question
Jay R. Ashworth
jra at baylink.com
Mon Oct 31 11:37:56 PST 2005
On Mon, Oct 31, 2005 at 01:03:14PM -0500, Fairlight wrote:
> Question here... Why does 'makedir' from fP need to be suid root? To my
> knowledge, the only time it's used is when you create a new database
> directory via ddefine. Since the heirarchy for $PFDIR should all be owned
> by 'filepro' since installation, why is suid filepro not sufficient? Is it
> actually used for anything else at any other time?
>
> Don't ask me why I just thought of this -right now-. I've no idea. It
> just kinda "popped in there" and I thought it was odd that it would need
> higher privs than any other fP module.
>
> Humour someone that likes as few suid root programs on systems he works
> on as possible. Actually, that's most knowledgeable admins--my ISP has
> their list down to only ping and traceroute on the public shell server.
> But I find this question especially important in light of the exploit that
> existed in makedir until a few years back. Who knows what else is lurking
> in there? Even if it's pristine now, one still wants as few suid root
> binaries as possible.
ISTR that some kernels require that root make directories, though I
couldn't tell you why I think that. Especially since my /bin/mkdir
isn't SUID root.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
"NPR has a lot in common with Nascar... we both turn to the left."
- Peter Sagal, on Wait Wait, Don't Tell Me!
More information about the Filepro-list
mailing list