OT: chown and permissions
Jay R. Ashworth
jra at baylink.com
Sat Apr 15 12:39:05 PDT 2006

On Wed, Apr 12, 2006 at 08:28:01PM -0400, Fairlight wrote:
> Oh, now here's a gem. I got thinking about tar, right? WORSE: rsync! I
> just rsync'd a file that's 4755 fairlite on my linux box to a totally
> different account on Solaris. It maintained the suid bit. I can't believe
> that. Very tempted to submit that as a vulnerability. That's just wrong
> on so many levels. There's -no- mechanism for matching users there.

IMHO, rsync should not be able to set the S*ID bits on any file it touches
unless the file is of the same ownership as the user running the
program, or that user is root -- and while I see that this can cause
problems when the two machines are not {under the same administrative
span of control,using the same UID map}, that's an installer
administrative issue; the code should provide a mechanism to be even
more secure -- and perhaps even default to it -- but should also allow
the more relaxed behavior.

Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on Usenet and in e-mail?
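
The policy proposed in the message above (keep S*ID bits only when the receiving user owns the file or is root), together with a post-transfer sweep of a received tree, as an added example that is not part of the original post and is not rsync's own code. The helper names `mode_to_apply` and `strip_setid`, matching owners by user name, the account name `otheruser` and the sample tree are all assumptions made for illustration.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID


def mode_to_apply(src_mode, src_owner, recv_user, recv_is_root=False):
    """Permission bits a receiver applies under the proposed policy:
    keep setuid/setgid only for root, or when the source owner name
    (assumed comparable across hosts) matches the receiving user."""
    perms = stat.S_IMODE(src_mode)
    if recv_is_root or src_owner == recv_user:
        return perms
    return perms & ~SETID


def strip_setid(tree):
    """Post-transfer sweep: clear setuid/setgid on regular files under tree.
    Returns [(path, old_mode, new_mode)] for every file that was changed."""
    changed = []
    for dirpath, _dirs, files in os.walk(tree):   # os.walk does not follow symlinks
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):      # skip symlinks and special files
                continue
            old = stat.S_IMODE(st.st_mode)
            if old & SETID:
                new = old & ~SETID
                os.chmod(path, new)
                changed.append((path, old, new))
    return changed


def demo():
    """Constructed sample: one 4755 file and one 0644 file in a temp tree."""
    with tempfile.TemporaryDirectory() as tree:
        for name, mode in (("tool", 0o4755), ("notes.txt", 0o644)):
            path = os.path.join(tree, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return [(os.path.basename(p), o, n) for p, o, n in strip_setid(tree)]


if __name__ == "__main__":
    # The case from the quoted text: a 4755 file owned by fairlite, received by another account.
    print(oct(mode_to_apply(0o104755, "fairlite", "otheruser")))
    print(demo())
```
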
More information about the Filepro-list mailing list