Re: mkdir() and group id
From: Oystein Viggen
Subject: Re: mkdir() and group id
Date: Sat, 27 Apr 2002 22:00:49 +0200
User-agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.1 (Capitol Reef, i386-debian-linux)

* [Thomas Bushnell, BSG]

> Yes, group 0 is the wheel group. HOW DOES THIS CAUSE A SECURITY
> ISSUE? Please be specific and not vague.

Combined with umask 002 (suggested by yourself), this gives members of
the wheel group write access to all files created in /tmp by default, as
these files will be writable for group root. This is bad, as I don't
believe being a member of the wheel group should give access to mess
with other people's files without actually typing in su and the root
password.

(This is based on the assumption that the only function of the wheel
group is to say who gets to su to root. We have adm and staff for the
other stuff.)

This doesn't really become a security issue until a wheeled account is
stolen, but then again, there are generally more interesting things to
do if you can get at the account of someone who regularly types in the
root password.

Changing wheel to another group than 0, or changing the group of /tmp to
a group with no members (such as a new "tmp" group) are probably the two
simplest ways to clean this up.

Hope I'm making a bit more sense this time around.

Oystein
--
When in doubt: Think again.
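
The umask effect described in the message above, as an added example that is not part of the original post or the thread: it creates one file under umask 002 and one under 022 in a scratch directory, then audits the tree for entries that are group-writable by a group that has members. The function names and the scratch directory are assumptions made for illustration; the gid is read from the created file rather than assumed to be 0.

```python
import os
import stat
import tempfile


def effective_mode(requested: int, umask: int) -> int:
    """Permission bits a new file ends up with: requested minus the umask."""
    return requested & ~umask


def group_writable_entries(root, populated_gids):
    """List (path, gid, mode) for entries under root that are group-writable
    and belong to a group in populated_gids (groups that have members)."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if st.st_gid in populated_gids and st.st_mode & stat.S_IWGRP:
                found.append((path, st.st_gid, stat.S_IMODE(st.st_mode)))
    return sorted(found)


def _create(path):
    # Ask for 0666 as most programs do; the umask decides what survives.
    os.close(os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, 0o666))


def demo():
    """Constructed scenario: one file made under umask 002, one under 022."""
    saved = os.umask(0o002)
    try:
        with tempfile.TemporaryDirectory() as scratch:
            _create(os.path.join(scratch, "made_with_002"))
            os.umask(0o022)
            _create(os.path.join(scratch, "made_with_022"))
            # Whatever group the system gave the files stands in for wheel.
            gid = os.lstat(os.path.join(scratch, "made_with_002")).st_gid
            hits = group_writable_entries(scratch, {gid})
            return [(os.path.basename(p), oct(m)) for p, _, m in hits]
    finally:
        os.umask(saved)


if __name__ == "__main__":
    print(demo())
```

Calling group_writable_entries("/tmp", {0}) applies the same check to the case discussed in the message, where files in /tmp end up in group 0.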