Re: chown before chmod in gzip.c copy_stat prevents chmod

From: Bob Proulx
Subject: Re: chown before chmod in gzip.c copy_stat prevents chmod
Date: Sat, 16 Jun 2007 19:08:32 -0600
User-agent: Mutt/1.5.9i

Paul Eggert wrote:
> "O'Connor, Russell" <address@hidden> writes:
> > The file gets gzipped in the HPUX NFS case, too, but since the chown
> > works and the chmod fails, everyone but the owner loses access to it,
> > which is not OK.
> I suggest using the HP-UX setprivgrp command (or modifying
> /etc/privgroup) so that ordinary users cannot give away their files
> via chown.  It's a bit more secure that way, anyway; that's why most
> OSes default to doing it this way nowadays.  I suspect HP-UX defaults
> to the insecure behavior for historical reasons only.

Agreed.  For HP-UX that is a good suggestion.  In particular creating
the following file will do this.  It gets loaded at boot time and can
be set interactively with 'sudo setprivgrp -n CHOWN'.

  File /etc/privgroup:
  -n CHOWN

> If you do that, you shouldn't need to modify gzip.

Also if you don't do that then there will be a lot of free software
programs that won't work because today almost all assumptions are that
the above is the operating mode.  I stopped trying to swim upstream
and converted all of my HP-UX systems years ago and have not had any
issues because of it.  Now it is a point of interoperability between
HP-UX and GNU/Linux.
