Bugtraq mailing list archives

Re: user flags in public temp space (was Re: chflags() [heads up])


From: atatat () ATATDOT NET (Andrew Brown)
Date: Thu, 5 Aug 1999 23:55:52 -0400


Possible long-term fixes we've theo-rized:

A strange pun.

yes.:)

c) Make root automatically override user-set flags (possibly will
create other complications for user-land programs relying on root
passing over such files).  This would be akin to Solaris 2.51 and 2.6's
ACLs.

This should also probably be looked into a bit more, but currently I
am leaning away from this being right.  It's a rather large change to
the way flags work.  Do we also then make dump not honour user
nodump.. oh, wait, dump is run by root.... no, that would not make
sense, would it.  So it becomes somewhat inconsistent.  To some
degree, securelevels are trying to make root more equal to users.

perhaps...it might be acceptable to allow root to unlink(2) files
in spite of user flags to the contrary at secure level 0?  that *would*
work around the immediate problem.

usually root is the only one running stuff at that level anyway,
right?

fwiw - imho, solaris acls are almost useless.  four out of five times
i'd tried to accomplish anything with them, it hasn't worked anyway.

--
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."
