setperms on linux
Brian K. White
brian at aljex.com
Wed Apr 12 21:57:28 PDT 2006
----- Original Message -----
From: "Fairlight" <fairlite at fairlite.com>
To: "filePro Mailing List" <filepro-list at lists.celestial.com>
Sent: Wednesday, April 12, 2006 8:30 PM
Subject: Re: setperms on linux
> On Wed, Apr 12, 2006 at 03:56:04PM -0700, Bill Campbell, the prominent
> pundit,
> witicized:
>> On Wed, Apr 12, 2006, Brian K. White wrote:
>> >Anyone using suse 10 by any chance?
>
> Missed this in a previously clipped quote.
>
> SuSE 10? *laugh* That's been the case since at -least- RH 6.2 era, and I'm
> pretty sure well before that. And he's first noticed this now?
>
> There's nothing specific to SuSE 10 about it.

The author of the utility himself just told me in an email that he only very
recently fixed a bug where the clear-suid action was optimized away when the
chown would have been a no-op, which is usually the case when you run
setperms. Usually, most of your files are already the same as what setperms
would do, so the clearing action would have been optimized away, and so yes,
I only just noticed it, because in fact it only just became a problem.

And I can think of ways this unexpected clearing of suid can be turned into
a security problem just as easily as the other way around so I don't see
what's so inherently comical.

What if a bin was suid nobody or guest or lp, and now, thanks to ignorance
of the principle of least surprise, it suddenly starts to run with the privs
of whoever/whatever happens to run it?

Brian K. White -- brian at aljex.com -- http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
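
An added example, not part of the original post and not setperms' own code: a check that records setuid/setgid bits before a permission-setting run and reports which files lost them afterwards, so a silent clear like the one described above is caught. `run_tool` is a hypothetical callable standing in for however the permission run is invoked; the function names are assumptions of this example.

```python
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID

def snapshot(root):
    """Record owner, group and setuid/setgid bits of each regular file under root that has them."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL:
                snap[path] = (st.st_uid, st.st_gid, st.st_mode & SPECIAL)
    return snap

def dropped(before):
    """Compare the snapshot with the disk: [(path, lost_bits, owner_changed), ...]."""
    findings = []
    for path, (uid, gid, bits) in sorted(before.items()):
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue  # removed since the snapshot
        lost = bits & ~st.st_mode
        if lost:
            findings.append((path, lost, (st.st_uid, st.st_gid) != (uid, gid)))
    return findings

def restore(findings):
    """Put lost bits back only where owner and group are unchanged.

    A file whose owner changed is returned for manual review instead:
    re-adding setuid there would grant the new owner's identity.
    """
    review = []
    for path, lost, owner_changed in findings:
        if owner_changed:
            review.append(path)
        else:
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            os.chmod(path, mode | lost)
    return review

def audit(root, run_tool):
    """Snapshot root, call run_tool() (hypothetical wrapper for the permission run), report."""
    before = snapshot(root)
    run_tool()
    return dropped(before)
```

Files whose owner or group changed during the run are left untouched by `restore()` and returned for review, since the same mode bits mean a different privilege under a different owner.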