Bugtraq mailing list archives
Re: user flags in public temp space (was Re: chflags() [heads up])
From: atatat () ATATDOT NET (Andrew Brown)
Date: Thu, 5 Aug 1999 23:55:52 -0400
Possible long-term fixes we've theo-rized:A strange pun.
yes.:)
c) Make root automatically override user-set flags (possibly will create other complications for user-land programs relying on root passing over such files). This would be akin to Solaris 2.51 and 2.6's ACLs.This should also probably be looked into a bit more, but currently I am leaning away from this being right. It's a rather large change to the way flags work. Do we also then make dump not honour user nodump.. oh, wait, dump is run by root.... no, that would not make sense, would it. So it becomes somewhat inconsistant. To some degree, securelevels are trying to make root more equal to users.
perhaps...it might be acceptable to allow root to unlink(2) files inspite of user flags to the contrary at secure level 0? that *would* work around the immediate problem. usually root is the only one running stuff at that level anyway, right? fwiw - imho, solaris acls are almost useless. four out of five times i'd tried to accomplish anything with them, it hasn't worked anyway. -- |-----< "CODE WARRIOR" >-----| codewarrior () daemon org * "ah! i see you have the internet twofsonet () graffiti com (Andrew Brown) that goes *ping*!" andrew () crossbar com * "information is power -- share the wealth."
Current thread:
- user flags in public temp space (was Re: chflags() [heads up]) Strange (Aug 04)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Brett Lymn (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Jason Bratton (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Theo de Raadt (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Andrew Brown (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Theo de Raadt (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Tim Fletcher (Aug 06)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Darren Reed (Aug 07)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Doug Harple (Aug 09)
- Re: user flags in public temp space (was Re: chflags() [heads up]) Brett Lymn (Aug 05)
- Re: user flags in public temp space (was Re: chflags() [heads up Adam Morris (Aug 09)
- Re: user flags in public temp space (was Re: chflags() [heads up James E. Pace (Aug 10)
- New cfingerd 1.4.0 - Configurable Finger Daemon Martin Schulze (Aug 10)
- profil(2) bug, a simple test program Ross Harvey (Aug 09)