> 
> On Thu, 30 Mar 2000, Stan Isaacs wrote:
> 
> >   After looking at both the redhat archives, and freebsd, I guess I'm 
> > convinced that chown won't work, by default, for non-root users.  Is there
> > any way to change that default on Redhat Linux 6.1?  
> 
> It's not a default, it's a concept. Allowing anything else would be VERY
> stupid, as it would allow stuff like
> 
> cat >evil.sh <<EOF
> #!/bin/sh
> rm -rf ~someone/* ~someone/.*
> EOF
> chmod 4755 evil.sh
> chown someone evil.sh
> ./evil.sh

    I don't think suid settings should be preserved across chown, which is
what makes that work.  And, besides, I don't think suid does anything when
the file is a script, so I'm not sure it even applies in your example.

    At least some other versions of UNIX (I use HPUX) allow chown, and don't
have this "evil" problem - they just don't carry over the suid bits.


> >   Shouldn't the man pages for chown talk about this?  Again, how can I
> > keep telling my students to read the man pages, if they don't even
> > give facts like who can execute a command?  In fact, why isn't the command
> > in /usr/sbin (or /sbin?), with the other system commands?
> 
> You can do stuff like
> chown you.someothergroup file
> when you're a member of someothergroup.

   Then you're right that it has to be accessible, but it still needs 
clear information on the man page!

 -- Stan Isaacs
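
An added example, not part of the original thread: a shell check of the behaviour discussed above, namely whether chown strips the set-user-ID and set-group-ID bits from a regular file on the system it runs on. The function name setid_after_chown is an assumption made for illustration; it only touches a scratch file owned by the caller and needs no privilege.

```shell
#!/bin/sh
# Added example (not from the thread): does chown on this system strip
# set-id bits from a regular file? It works on a scratch file owned by
# the caller, so it needs no privilege and touches nothing else.

# setid_after_chown MODE  ->  prints "cleared", "kept" or "unsupported"
#   MODE is 4755 (set-user-ID) or 2755 (set-group-ID).
setid_after_chown() {
    mode=$1
    case $mode in
        4*) flag=-u ;;      # test(1): -u is true if set-user-ID is set
        2*) flag=-g ;;      # test(1): -g is true if set-group-ID is set
        *)  echo "unsupported"; return 0 ;;
    esac
    f=$(mktemp) || { echo "unsupported"; return 0; }
    chmod "$mode" "$f"
    if ! [ "$flag" "$f" ]; then
        # The filesystem did not store the bit, so nothing can be measured.
        rm -f "$f"; echo "unsupported"; return 0
    fi
    # Re-assert the current owner. The file's owner is allowed to do this,
    # and it is still a real chown call even though the uid does not change.
    if ! chown "$(id -u)" "$f" 2>/dev/null; then
        rm -f "$f"; echo "unsupported"; return 0
    fi
    if [ "$flag" "$f" ]; then result=kept; else result=cleared; fi
    rm -f "$f"
    echo "$result"
}

echo "set-user-ID after chown:  $(setid_after_chown 4755)"
echo "set-group-ID after chown: $(setid_after_chown 2755)"
```

On Linux both lines are expected to report "cleared"; a system that reports "kept" preserves the bits across chown, which is the case the quoted evil.sh sequence relies on.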

> LLaP
> bero
> 
> 
> 
> -- 
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
> 
> 
> 

