* Raffaele Sandrini ([EMAIL PROTECTED]) [020925 00:30]:
> I tested the following: As a normal user I created a file in my homedir.
> % touch test
>
> I changed it to an exec file.
> % chmod 700 test
>
> Now I set the superuser bit
> % chmod +s test
>
> It worked(!!!!!). That means that a user can download for example a BASH
> binary and set the superuser bit for it and has root privileges ??!!
>
> Am I missing something here?

Yes. =)

+s is the setuid bit, not the 'superuser bit' (there is no such thing). man chmod, take a deep breath, and test that your u+s binary does not in fact run with root privileges.

good times,
Vineet
--
http://www.doorstop.net/
--
#include<stdio.h>
int main() { puts("Reader! Think not that \n"
                  "technical information \n"
                  "ought not be called speech;");
             return 0; }
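
The reply's point, as an added example that is not part of the original message: the setuid bit makes a file execute with its owner's uid, so setting it on a file you own yields your own uid, not root. The function names are hypothetical, and `chmod u+s` is used to set the setuid bit alone.

```shell
#!/bin/sh
# Added example (not from the thread): which uid would a file execute as,
# judging by its setuid bit and owner? Function names are hypothetical.

# Print the numeric owner uid of a file (third field of `ls -ldn`).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Succeed if the setuid bit (mode 4000) is set on the file.
has_setuid() {
    [ -n "$(find "$1" -prune -perm -4000 2>/dev/null)" ]
}

# Print the effective uid a process gets when the caller executes the file.
# With setuid set it is the file OWNER's uid; otherwise the caller's uid.
# (The kernel additionally ignores the bit on filesystems mounted nosuid.)
exec_euid() {
    if has_setuid "$1"; then
        owner_uid "$1"
    else
        id -u
    fi
}

# Repeat the steps from the thread in a scratch directory and report the
# resulting mode string and the effective uid before and after u+s.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/test"
    chmod 700 "$dir/test"
    before=$(exec_euid "$dir/test")
    chmod u+s "$dir/test"          # allowed: the caller owns the file
    after=$(exec_euid "$dir/test")
    mode=$(ls -ld -- "$dir/test" | cut -c1-10)
    rm -rf "$dir"
    echo "mode=$mode before=$before after=$after"
}

demo
```

For a real audit, the same `-perm -4000` test combined with `-user root` in `find` lists the binaries that actually do run as root.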