[EMAIL PROTECTED] (Thomas Bushnell, BSG) wrote:
> Oystein Viggen <[EMAIL PROTECTED]> writes:
>> Combined with umask 002 (suggested by yourself), this gives members of
>> the wheel group write access to all files created in /tmp by default, as
>> these files will be writable for group root.
...
> I
Oystein Viggen <[EMAIL PROTECTED]> writes:
> * [Thomas Bushnell, BSG]
>
> > Yes, group 0 is the wheel group. HOW DOES THIS CAUSE A SECURITY
> > ISSUE? Please be specific and not vague.
>
> Combined with umask 002 (suggested by yourself), this gives members of
> the wheel group write access t
* [Thomas Bushnell, BSG]
> Yes, group 0 is the wheel group. HOW DOES THIS CAUSE A SECURITY
> ISSUE? Please be specific and not vague.
Combined with umask 002 (suggested by yourself), this gives members of
the wheel group write access to all files created in /tmp by default, as
these files wil
Oystein Viggen <[EMAIL PROTECTED]> writes:
> As I previously said, there are Linux distributions that use group 0 as
> the wheel group. The easy solution is of course just telling the
> distributors in question that this is a stupid idea on the Hurd, and
> leave them to deal with it.
Yes, group
* [Thomas Bushnell, BSG]
> Right. If you want copy-gid-on-setgid, then you need to inherit
> setgid. If not, then not.
Obviously correct. I was assuming that setgid was not inherited, but it
is. Just to be sure, I tested it, too.
So we end up with the SysV/Linux way being able to emulate t
Marcus Brinkmann <[EMAIL PROTECTED]> writes:
> On Fri, Apr 26, 2002 at 02:15:53PM -0700, Thomas Bushnell, BSG wrote:
> > I was just told that the setgid bit does get inherited on the new
> > directories.
>
> Not in the Hurd, though. I guess this would only be so if you activate
> the sysvgroup
[EMAIL PROTECTED] (Paul Jarc) writes:
> [EMAIL PROTECTED] (Thomas Bushnell, BSG) wrote:
> > (You only inherit gid if you are a member of the group.)
>
> False.
Sorry, you're correct. It is, however, no security hole of the sort
that was being implied.
On Fri, Apr 26, 2002 at 02:15:53PM -0700, Thomas Bushnell, BSG wrote:
> I was just told that the setgid bit does get inherited on the new
> directories.
Not in the Hurd, though. I guess this would only be so if you activate
the sysvgroups option (assuming you are cool with such an option)
> >
[EMAIL PROTECTED] (Thomas Bushnell, BSG) wrote:
> (You only inherit gid if you are a member of the group.)
False.
$ ls -ld foo
drwxr-sr-x2 prj 12348 Apr 26 17:21 foo
$ id
uid=500(prj) gid=65534(default) groups=65534(default),500(prj),300(users)
$ mkdir foo/bar
$ ls -ld foo/ba
Oystein Viggen <[EMAIL PROTECTED]> writes:
> The difference is that the SysV way won't work for more than one level
> of directories. Once you start making dirs within dirs[1], your sgid is
> not inherited, and group ownership falls back to your default group,
> instead of what you want.
I was
> How about making it a libdiskfs option (assuming it is diskfs making this
> decision)? Linux has this option for mount:
That sounds fine to me. It is very easy to implement.
___
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/li
On Fri, Apr 26, 2002 at 10:35:52AM -0700, Thomas Bushnell, BSG wrote:
> As long as the setgid bit is inherited too, then yeah, this works as
> well.
Yes, it is on Linux.
> But I think I'd prefer to leave the Hurd as-is. Among other things,
> it will help Debian out and make portability *better
On Fri, Apr 26, 2002 at 09:57:44AM -0700, Thomas Bushnell, BSG wrote:
> The reason why the copy-gid-from directory behavior is better:
How about making it a libdiskfs option (assuming it is diskfs making this
decision)? Linux has this option for mount:
grpid or bsdgroups / nogrpid or sys
Oystein Viggen <[EMAIL PROTECTED]> wrote:
> The difference is that the SysV way won't work for more than one level
> of directories. Once you start making dirs within dirs[1], your sgid is
> not inherited, and group ownership falls back to your default group,
> instead of what you want.
False.
$
On Fri, Apr 26, 2002 at 09:57:44AM -0700, Thomas Bushnell, BSG wrote:
> Marcus Brinkmann <[EMAIL PROTECTED]> writes:
>
> > > I think that I prefer Linux's behaviour.
> >
> > I think, too, esp because of the sgid flag. I wonder what Thomas thinks.
>
> The reason why the copy-gid-from directory
* [Paul Jarc]
> This works with the SysV (aka Linux) behavior as well: if a directory
> is setgid, any files created within it inherit the group id, and any
> directories created within it inherit both the group id and the setgid
> bit.
The difference is that the SysV way won't work for more th
[EMAIL PROTECTED] (Paul Jarc) writes:
> This works with the SysV (aka Linux) behavior as well: if a directory
> is setgid, any files created within it inherit the group id, and any
> directories created within it inherit both the group id and the setgid
> bit.
As long as the setgid bit is inheri
[EMAIL PROTECTED] (Thomas Bushnell, BSG) wrote:
> A given project might be group "foobie", and all the people working on
> that project are in the group. They use a umask of 002. Everything
> works Just Great! Because when they create files or directories
> inside the project, they automaticall
Marcus Brinkmann <[EMAIL PROTECTED]> writes:
> > I think that I prefer Linux's behaviour.
>
> I think, too, esp because of the sgid flag. I wonder what Thomas thinks.
The reason why the copy-gid-from directory behavior is better:
Imagine a rich set of groups on your computer--representing pro
On Thu, Apr 25, 2002 at 08:33:06PM -0400, Joshua Judson Rosen wrote:
> > , and relieves us from fixing the broken package build scripts (I am
> > not sure how many there are. Potentially many, but as long as you
> > build as root in root owned directories
>
> or use fakeroot?
Please port it to
On Fri, Apr 26, 2002 at 02:00:44AM +0200, Marcus Brinkmann wrote:
[... Marcus writes about The Hurd's node-creation uses parent-dir's group...]
> One remark is that defaulting to giving it the group id of the
> parent directory makes the sgid flag a bit pointless.
> So it seems to be more featur
This is indeed the BSD behavior, though it was a surprise to me too. I
thought BSD invented the setgid bit on directories behavior. But current
NetBSD and FreeBSD systems certainly have the same straightforward behavior
that new files always get the st_gid value of the containing directory.
(As
On Fri, Apr 26, 2002 at 02:19:35AM +0200, Marcus Brinkmann wrote:
> broken packages. So there is no Hurd bug here after all. It's a merry
> mixture of bugs in tar, dpkg and the debian/rules scripts of the packages.
Actually, tar's behaviour is documented. The numbers are not random but
taken f
On Fri, Apr 26, 2002 at 02:00:44AM +0200, Marcus Brinkmann wrote:
> broken package build scripts (I am not sure how many there are. Potentially
> many, but as long as you build as root in root owned directories we won't
> easily notice most of them).
Actually, one interesting piece of informatio
Hi,
I have found a part of the gid problem. In quite some cases, the gid in the
packages was not random but the id of my user marcus. This is because the
packages assume the Linux behaviour of mkdir() and open(..., O_CREAT):
ulysses:/tmp# mkdir foo
ulysses:/tmp# chgrp marcus foo
ulysses:/tmp#