File create permissions, what am I missing?
João Carlos Mendes Luís
jonny at jonny.eng.br
Sun Aug 14 06:03:36 GMT 2005
Greg Black wrote:
> On 2005-08-13, João Carlos Mendes Luís wrote:
>
>>Brooks Davis wrote:
>>
>>>On BSD systems, the group of a file is always the group of the directory
>>>it is in. This differs from SysV UNIX. The resident grey-beard at work
>>>feels this is a new and annoying behavior. (i.e. it wasn't always this
>>>way. :)
>>
>>So this is expected behavior? Isn't this someway insecure?
>
>
> It is documented behaviour (see open(2) for details). How is it
> insecure?

I don't know how it could be unsecure. Is there any specific reason for it to be
different on SYSV and Linux? Or is it just a different choice?

I could not find any vulnerability, but I do not like the idea that a user could
create files belonging to a group he himself does not belong to. My first attempt was
to mark this file setgid, but the system denies it: It is my file, but I am not
in the file's group. That would be too easy. ;-)

Nevertheless, if somebody leaves a directory writeable by anybody, he should
know what he's doing. If I could just make /tmp not writeable... ;-)
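
An added example, not part of the original message: a small audit probe for the behaviour discussed in this thread. It reports whether a new file takes its group from the directory or from the process, and whether a setgid request on a file in a group the owner does not belong to is refused. The function names `classify` and `probe` are this example's own, and it is meant to be run as an unprivileged user.

```python
import os
import stat
import tempfile

def classify(dir_gid, file_gid, egid, groups, setgid_kept):
    """Pure decision logic over the observed ids (names are this example's own)."""
    if dir_gid == egid:
        source = "ambiguous"            # both rules give the same answer here
    elif file_gid == dir_gid:
        source = "directory"            # BSD rule described in the thread
    elif file_gid == egid:
        source = "process"              # SysV rule
    else:
        source = "other"                # e.g. a filesystem that forces a gid
    foreign = file_gid not in groups
    return {"group_source": source,
            "foreign_group": foreign,
            # The case the poster worried about: setgid on a group the owner is not in.
            "setgid_in_foreign_group": foreign and setgid_kept}

def probe(parent=None):
    """Create a scratch file in `parent` and observe what the kernel did."""
    parent = parent or tempfile.gettempdir()
    fd, path = tempfile.mkstemp(dir=parent)
    try:
        try:
            os.fchmod(fd, 0o2600)       # request setgid on our own file
        except PermissionError:
            pass                        # denied outright, as the poster saw
        st = os.fstat(fd)
    finally:
        os.close(fd)
        os.unlink(path)
    groups = set(os.getgroups()) | {os.getegid()}
    return classify(os.stat(parent).st_gid, st.st_gid, os.getegid(),
                    groups, bool(st.st_mode & stat.S_ISGID))

if __name__ == "__main__":
    print(probe())
```

A result with `foreign_group` true and `setgid_in_foreign_group` false matches what the message describes: the file lands in the directory's group, but the owner cannot make it setgid.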