|
|
Posted by The Natural Philosopher on 12/05/07 11:44
Toby A Inkster wrote:
> Jerry Stuckle wrote:
>
>> If your system is set up properly, inly the owner or root can chown() a
>> file.
>
> Actually, unless you've set your system up unusually, only root can.
I tested this last night. I was easily able to change a file that I
owned to somebody else..
No non standard permssions required.
>
> Technically, the owner of the file *can* chown it, but they can't assign
> ownership to any other user -- they can only chown it to themself, which
> is rather pointless.
>
> In short, unless you're root, you can't use chown to assign ownership to
> someone else.
>
> This is for very valid security reasons. You could, for instance, write
> and compile a C program which did the equivalent of "rm -fr /", give it
> permissions 4755 (executable and readable, with setuid bit), chown it to
> root and then run it, wiping out the entire system.
>
Navigation:
[Reply to this message]
|