Re: Bits from the release team: the plans for etch
Stephen Frost <firstname.lastname@example.org> writes:
> * Thomas Bushnell BSG (email@example.com) wrote:
>> Stephen Frost <firstname.lastname@example.org> writes:
>> > Same way you know that the system administrator hasn't modified a file
>> > in /usr/bin.
>> Um, I know that by comparing the contents against a known-true
>> version. How do I detect whether the system administrator has used a
> Except last I checked, we don't do such comparison. If you really
> wanted to know if the UID was used you could do a find /, etc. Neither
> is necessary though, which is the point.
So what? My point is that it is not *possible* to determine that a
uid hasn't been used for some unexpected purpose. You said we should
reuse the uid if it hasn't been so used. Are you now saying that we
should reuse it and not try to figure out at all?
Find on / of course doesn't work. Well, it works if you never make
backups or use removable media. Uh huh.
>> Moreover, the consequences of getting the one wrong are that you
>> delete the sysadmin's changes. The consequences of the other are an
>> important and difficult-to-detect security hole.
> This is just patently false, as has been pointed out elsewhere. What
> security hole, exactly, is created by orphaning a file?
The UID gets reused, and the new possessor of the UID suddenly owns
the old files.