[Linux-disciples] Mkdir suid?
Dylan Thurston
dpt at bostoncoop.net
Tue Aug 17 23:45:06 EDT 2004
On Tue, Aug 17, 2004 at 11:26:11PM -0400, Stephen R Laniel wrote:
> I can't really think of why mkdir should run
> setuid. mkdir needs to check whether I have the credentials
> to create a directory in my current directory, so it needs
> to check the access privileges on the current directory. So
> it needs read access to /etc/passwd and /etc/group, I
> presume, but everyone has such access. Does anyone know if
> there was tighter security on those files under early
> Unices? Or am I missing something about how security works
> *now*?
I think it used to be that the superuser could damage the integrity of
the filesystem by, for instance, creating a directory without proper "."
and ".." entries, or making a directory that was a subdirectory of
itself. What they say in the quote you gave is that the raw command to
make a directory only made the completely empty directory, without even
the "." and ".." entries. So to protect the integrity of the file
system, only the superuser could call that system call.
Nowadays even the superuser can't create loops in the filesystem like
that, and creating directories is protected by the same permissions that
protect files, which is obviously the sane way to do it.
Peace,
Dylan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.bostoncoop.net/pipermail/linux-disciples/attachments/20040817/1895d55a/attachment.pgp
More information about the Linux-disciples
mailing list