From: Seebs on 28 Apr 2010 18:14

On 2010-04-28, pk <pk(a)pk.invalid> wrote:
> "If the specified file is a regular file, one or more of the S_IXUSR,
> S_IXGRP, or S_IXOTH bits of the file mode are set, and the process does not
> have appropriate privileges, the set-user-ID (S_ISUID) and set-group-ID
> (S_ISGID) bits of the file mode shall be cleared upon successful return from
> chown(). If the specified file is a regular file, one or more of the
> S_IXUSR, S_IXGRP, or S_IXOTH bits of the file mode are set, and the process
> has appropriate privileges, it is implementation-defined whether the
> set-user-ID and set-group-ID bits are altered."

> My understanding is that here we're in the "process has appropriate
> privileges" case, as we are assuming that the owner can change ownership of
> the file.

So far as I know, "has appropriate privileges" is a fancy way of saying "is root". It doesn't mean "has privileges for this particular operation", it means "has all conceivable privileges". At least, in the past, it seems it has been consistently used that way. So if you aren't root, you do not have "appropriate privileges" to change the ownership of a file and leave it still setuid. Even if you're allowed to change the ownership.

-s
--
Copyright 2010, all wrongs reversed. Peter Seebach / usenet-nospam(a)seebs.net
http://www.seebs.net/log/ <-- lawsuits, religion, and funny pictures
http://en.wikipedia.org/wiki/Fair_Game_(Scientology) <-- get educated!

From: pk on 29 Apr 2010 04:03

Seebs wrote:
> On 2010-04-28, pk <pk(a)pk.invalid> wrote:
>> "If the specified file is a regular file, one or more of the S_IXUSR,
>> S_IXGRP, or S_IXOTH bits of the file mode are set, and the process does
>> not have appropriate privileges, the set-user-ID (S_ISUID) and
>> set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
>> successful return from chown(). If the specified file is a regular file,
>> one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the file mode are
>> set, and the process has appropriate privileges, it is
>> implementation-defined whether the set-user-ID and set-group-ID bits are
>> altered."
>
>> My understanding is that here we're in the "process has appropriate
>> privileges" case, as we are assuming that the owner can change ownership
>> of the file.
>
> So far as I know, "has appropriate privileges" is a fancy way of saying
> "is root". It doesn't mean "has privileges for this particular
> operation", it means "has all conceivable privileges". At least, in the
> past, it seems it has been consistently used that way. So if you aren't
> root, you do not have "appropriate privileges" to change the ownership of
> a file and leave it still setuid. Even if you're allowed to change the
> ownership.

Ah thanks, this is good info and is probably what I was missing.

From: Geoff Clare on 29 Apr 2010 09:12

Seebs wrote:
> So far as I know, "has appropriate privileges" is a fancy way of saying "is
> root".

Here's the definition from POSIX:

  3.20 Appropriate Privileges

  An implementation-defined means of associating privileges with a
  process with regard to the function calls, function call options,
  and the commands that need special privileges. There may be zero or
  more such means. These means (or lack thereof) are described in the
  conformance document.

There's no requirement for privileges to be all-or-nothing as in the old "superuser" privilege model. For example, a process could have appropriate privilege to chown() files without having appropriate privilege for other things such as killing processes.

--
Geoff Clare <netnews(a)gclare.org.uk>

From: pk on 29 Apr 2010 09:40

Geoff Clare wrote:
> Seebs wrote:
>
>> So far as I know, "has appropriate privileges" is a fancy way of saying
>> "is root".
>
> Here's the definition from POSIX:
>
> 3.20 Appropriate Privileges
>
> An implementation-defined means of associating privileges with a
> process with regard to the function calls, function call options,
> and the commands that need special privileges. There may be zero or
> more such means. These means (or lack thereof) are described in the
> conformance document.
>
> There's no requirement for privileges to be all-or-nothing as in
> the old "superuser" privilege model. For example, a process could
> have appropriate privilege to chown() files without having appropriate
> privilege for other things such as killing processes.

So in the hypothetical case at hand, where the file owner is allowed to change ownership of the file, would a "chown" process started by that user be classified as "having appropriate privileges" or not?

From: Jon LaBadie on 29 Apr 2010 10:25

pk wrote:
> Geoff Clare wrote:
>
>> Seebs wrote:
>>
>>> So far as I know, "has appropriate privileges" is a fancy way of saying
>>> "is root".
>> Here's the definition from POSIX:
>>
>> 3.20 Appropriate Privileges
>>
>> An implementation-defined means of associating privileges with a
>> process with regard to the function calls, function call options,
>> and the commands that need special privileges. There may be zero or
>> more such means. These means (or lack thereof) are described in the
>> conformance document.
>>
>> There's no requirement for privileges to be all-or-nothing as in
>> the old "superuser" privilege model. For example, a process could
>> have appropriate privilege to chown() files without having appropriate
>> privilege for other things such as killing processes.
>
> So in the hypothetical case at hand, where the file owner is allowed to
> change ownership of the file, would a "chown" process started by that user
> be classified as "having appropriate privileges" or not?
>

On the three systems I have at hand each of the man pages for chown(2), the system call, not the command, specify suid/sgid are cleared if not super-user.

Of course these are implementations and as Geoff pointed out, this is not a standards requirement.
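
A probe for the behaviour discussed in this thread, added here as an example and not code from any of the posters: it reports whether the local implementation clears S_ISUID and S_ISGID on a successful chown() of an executable regular file. The function name `probe_chown_setid` and the scratch file name are made up for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define SETID (S_ISUID | S_ISGID)

/*
 * Create a scratch regular file in dir, give it execute bits plus
 * set-user-ID and set-group-ID, then chown() it to the owner and group
 * it already has.  Returns the set-ID bits that were set before the call
 * and are still set after it (0 = all cleared), or -1 on error.
 */
int probe_chown_setid(const char *dir)
{
    char path[4096];
    struct stat before, after;
    int fd, survived = -1;

    if (snprintf(path, sizeof path, "%s/chown-probe-XXXXXX", dir) >= (int)sizeof path)
        return -1;
    if ((fd = mkstemp(path)) < 0)
        return -1;

    /* chmod() may silently drop S_ISGID if the file's group is not one of
     * ours, so record what was really set; S_ISUID must be present. */
    if (fchmod(fd, SETID | S_IRWXU | S_IXGRP | S_IXOTH) == 0 &&
        fstat(fd, &before) == 0 && (before.st_mode & S_ISUID) &&
        fchown(fd, before.st_uid, before.st_gid) == 0 &&
        fstat(fd, &after) == 0)
        survived = (int)(before.st_mode & after.st_mode & SETID);

    close(fd);
    unlink(path);   /* the scratch file never outlives the probe */
    return survived;
}

int main(int argc, char **argv)
{
    int r = probe_chown_setid(argc > 1 ? argv[1] : ".");

    if (r < 0) {
        fprintf(stderr, "probe failed\n");
        return EXIT_FAILURE;
    }
    printf("euid %ld: set-user-ID %s, set-group-ID %s\n", (long)geteuid(),
           (r & S_ISUID) ? "still set" : "not set",
           (r & S_ISGID) ? "still set" : "not set");
    return EXIT_SUCCESS;
}
```

Running it once as an ordinary user and once as root shows how a given system treats both halves of the quoted paragraph.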