Re: suid bit on directories

Albert D. Cahalan (acahalan@cs.uml.edu)
Mon, 20 May 2002 15:17:32 -0400 (EDT)


Jesse Pollard writes:
> Michael Hoennig <michael@hostsharing.net>:
>> [Jesse Pollard???]

>>> No. You loose the fact that the file was NOT created by the user.
>>
>> the user in my example above would be wwwrun or httpd - and that does not
>> make any sense at all! It would make much more sense if the new files
>> belonged to the owner of the directory, who is the one who owns the
>> virtual host.
>
> You can't tell who the user is. ANY user would be able to do that.

If you have a setuid directory, then you accept responsibility
for anything that other people place in that directory.

If you are the admin, you hold the owner of a setuid directory
responsible for everything that gets put in it.

>>>> I do not even see a security hole if nobody other than the user itself
>>>> and httpd/web can reach this area in the file system, anyway. And it
>>>> is still the users decision that files in this (his) directory should
>>>> belong to him.
>>>
>>> 1. users will steal/bypass quota controls
>>
>> Not in my example - acutally even the other way around.
>
> And just how is it prevented? quotas are applied based on either group
> or user. Normally it is based on user. Once the uid is set, then the
> quotas start being deducted. If the the user procedes to store 10 G of
> music files, who is charged? And how do you know who put them there.

Duh, this is a web server.

If you really don't understand, then read up on dynamic
web stuff and web authentication:

cgi-bin, PHP, WebDAV, Java servlets, SSL...

>>> 2. Consider what happens if a user creates a file in such a directory
>>> and it is executable. - since the file is fully owned by a different
>>> user, it appears to have been created by that user. What protection
>>> mask is on the file? Can the creator (not owner) make it setuid?
>>> (nasty worm propagation method)

Oh please. Do you know that Linux supports a setgid bit
on directories? Well, it does, just the same as SysV.
Go ahead, try to get setgid for a group you aren't in.
Linux will even take away your setuid bit for trying.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/