On Sat, 16 Oct 1999, Mike Nowlin wrote:
>
> > SUIDDIR will work for any user EXCEPT ROOT
> > I did this because I felt it was a security hole to allow users to create
> > files owned by root.
> > (from memory it will also refuse to do files that have the execute bit set
> > but I can't remember for sure)
>
> In a mildly drunken state, I respond..... :)
>
> Without looking, I'd imagine that if the chmod command of FTP will allow
> you to do a "chmod 4755 file-I-just-uploaded" -- if you have the ability
> to execute programs on the machine you uploaded to, this could be a major
> problem..... Hence, I'd agree with your decision.
Since the ftp daemon will create files without the x bits set, they will
succeed, and will immediately be owned by the owner of the directory.
The sender no longer owns them and cannot set mode bits, whether or not
the ftp daemon would allow it to.
>
> --mike
>
>
>