setperms on linux

Brian K. White brian at aljex.com
Wed Apr 12 21:57:28 PDT 2006


----- Original Message ----- 
From: "Fairlight" <fairlite at fairlite.com>
To: "filePro Mailing List" <filepro-list at lists.celestial.com>
Sent: Wednesday, April 12, 2006 8:30 PM
Subject: Re: setperms on linux


> On Wed, Apr 12, 2006 at 03:56:04PM -0700, Bill Campbell, the prominent pundit,
> witicized:
>> On Wed, Apr 12, 2006, Brian K. White wrote:
>> >Anyone using suse 10 by any chance?
>
> Missed this in a previously clipped quote.
>
> SuSE 10? *laugh* That's been the case since at -least- RH 6.2 era, and I'm
> pretty sure well before that.  And he's first noticed this now?
>
> There's nothing specific to SuSE 10 about it.

The author of the utility himself just told me in an email that he only very 
recently fixed a bug where the clear-suid action was optimized away when the 
chown would have been a no-op, which is usually the case when you run 
setperms. Usually, most of your files are already the same as what setperms 
would do, so the clearing action would have been optimized away, and so yes, 
I only just noticed it, because in fact it only just became a problem.

And I can think of ways this unexpected clearing of suid can be turned into 
a security problem just as easily as the other way around, so I don't see 
what's so inherently comical.
What if a bin was suid nobody or guest or lp, and now, thanks to ignorance 
of the principle of least surprise, it suddenly starts to run with the privs 
of whoever/whatever happens to run it?

Brian K. White  --  brian at aljex.com  --  http://www.aljex.com/bkw/
+++++[>+++[>+++++>+++++++<<-]<-]>>+.>.+++++.+++++++.-.[>+<---]>++.
filePro  BBx    Linux  SCO  FreeBSD    #callahans  Satriani  Filk!
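
An added example, not part of the original message and not code from setperms: one way to make the side effect discussed above visible is to compare the setuid/setgid bits before and after the ownership call and report any that were dropped. The names `chown_checked` and `demo` are hypothetical, the sample file is constructed, and because whether a no-op chown clears the bits depends on the kernel, the function measures the result instead of assuming it.

```python
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID

def chown_checked(path, uid, gid, restore=False):
    """chown a file and report setuid/setgid bits that the call removed.

    restore=True puts the bits back only if owner and group did not change.
    """
    # O_NOFOLLOW plus fd-based calls: check and change hit the same inode.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        before = os.fstat(fd)
        os.fchown(fd, uid, gid)
        after = os.fstat(fd)
        lost = before.st_mode & SPECIAL & ~after.st_mode
        owner_changed = (before.st_uid, before.st_gid) != (after.st_uid, after.st_gid)
        restored = False
        # Restoring after a real ownership change would hand the privilege bit
        # to the new owner, so that case is only reported, never undone.
        if lost and restore and not owner_changed:
            os.fchmod(fd, stat.S_IMODE(after.st_mode) | lost)
            restored = True
        return {"lost": lost, "owner_changed": owner_changed, "restored": restored}
    finally:
        os.close(fd)

def demo():
    """No-op chown on a constructed setuid file in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "helper")  # constructed sample, not a real tool
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, 0o4755)
        st = os.stat(path)
        result = chown_checked(path, st.st_uid, st.st_gid, restore=True)
        return result, stat.S_IMODE(os.stat(path).st_mode)

if __name__ == "__main__":
    result, mode = demo()
    print("lost bits: %o  restored: %s  final mode: %o"
          % (result["lost"], result["restored"], mode))
```

Run with `restore=False`, the same function works as an audit step that only lists which files lost a bit.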


