Posted by Jerry Stuckle on 12/05/07 20:45

The Natural Philosopher wrote:
> Jerry Stuckle wrote:
>> Toby A Inkster wrote:
>>> Jerry Stuckle wrote:
>>>
>>>> If your system is set up properly, inly the owner or root can chown() a
>>>> file.
>>>
>>> Actually, unless you've set your system up unusually, only root can.
>>>
>>> Technically, the owner of the file *can* chown it, but they can't
>>> assign ownership to any other user -- they can only chown it to
>>> themself, which is rather pointless.
>>>
>>> In short, unless you're root, you can't use chown to assign ownership
>>> to someone else.
>>> This is for very valid security reasons. You could, for instance,
>>> write and compile a C program which did the equivalent of "rm -fr /",
>>> give it permissions 4755 (executable and readable, with setuid bit),
>>> chown it to root and then run it, wiping out the entire system.
>>>
>>
>> Nope, I can do it just find on my system. But your idea of rm -fr
>> won't work - the script will execute under the user's permissions.
>> You would have to change the su bit on the shell's executable - and
>> only root can do that.
>>
>> Even chown'ing it to root will not make any difference as far as the
>> script goes. Ownership of the script does not affect permissions of
>> the user running the script.
>>
> unless it has su rights assigned to it.
>

You can't assign su rights to a script. Actually, you can, but it won't
do any good. The script is not the executable. The shell driver
program is.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]