Re: chown, quotas and security

[neil () legless demon co uk (Neil Woods)]

> I agree that cluttering up the kernel would be wrong, though, and would
> suggest either a setuid c wrapper around chown to check ownership
> or hacking chown to do the check and making it setuid, the former
> probably being preferable.

I disagree, the kernel is the correct place - indeed svr4 has a kernel
config option, RSTCHOWN, to do precisely this.

The setuid wrapper would introduce a race condition, you'd need to write
your own version of chown using fchown, and be extremely careful checking
perms.

Neil

-- 
Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual,
Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control.

        ...like a badger with an afro throwing sparklers at the Pope...