[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: chmod/chown -R - maybe an ITP

On Wed 15 Dec 1999, Brian May wrote:

> >>>>> "Russell" == Russell Coker <russell@coker.com.au> writes:
>     Russell> Are programs like this in Debian already (seems that
>     Russell> almost everything else is)?  If not does anyone know of
>     Russell> some good programs in existance that I could package?  If
>     Russell> not consider this a maybe ITP to write and package some
>     Russell> new programs to do this (please send me any suggestions
>     Russell> you may have).
> Does the Debian package tmpreaper solve the same problem?

Hardly, tmpreaper removes files, it doesn't chown/chgrp files.

It does its best to detect exploits (such as symlink stuff), but
those are a different set of exploits to the ones applicable to
chown/chgrp actions. Specifically the fact that you can hardlink
any file you can see is the cause of trouble there. IMHO that
"feature" should be disabled in the kernel.

Paul Slootman
home:       paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work:       paul@murphy.nl       http://www.murphy.nl/
debian:     paul@debian.org      http://www.debian.org/
isdn4linux: paul@isdn4linux.de   http://www.isdn4linux.de/

Reply to: