On Tue, 23 Mar 2004, Rafal Skoczylas wrote:

> from mount(8):
> [...]
>     suiddir
>         A directory on the mounted file system will respond to
>         the SUID bit being set, by setting the owner of any new
>         files to be the same as the owner of the directory. New
>         directories will inherit the bit from their parents.
>         Execute bits are removed from the file, and it will not
>         be given to root.
>
>         This feature is designed for use on fileservers serving
>         PC users via ftp, SAMBA, or netatalk. It provides
>         security holes for shell users and as such should not be
>         used on shell machines, especially on home directories.
> [...]
>
> Additionally, would someone be so kind to describe the risk caused by using
> SUIDDIR (mentioned in man) in more detail? Is there any "hidden" risk
> except those obvious (like created files that look like if someone else
> created them)? I tried searching google for such information but with
> no luck so far.

Imagine a scenario where a user uploads via SMB a Windows executable and another trojans it. User 1 has no idea that the file has been tampered with and runs it. You've got yourself a problem.

Regards,

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/ >

Received on Wed Mar 24 2004 - 09:21:53 UTC
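An audit for the situation discussed in this message, as an added example that is not part of the original post or of FreeBSD: it lists file systems mounted with suiddir and, under them, directories that carry the SUID bit and are writable by users other than the owner. The function names, the `--live` switch and the sample mount lines are constructed for illustration, and the parser assumes the FreeBSD `mount` output format `device on /mountpoint (opt, opt, ...)`.

```shell
#!/bin/sh
# Added example: find where suiddir ownership reassignment can take effect.

# Constructed sample of FreeBSD-style mount(8) output (not from a real host).
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /export/share (ufs, local, suiddir, soft-updates)
/dev/ad0s1e on /usr/home (ufs, local, nosuid)'

# Read mount(8) output on stdin and print the mount point of every file
# system whose option list contains "suiddir" as a whole option.
suiddir_mounts() {
    awk -F' [(]' '/ on / && $NF ~ /(^|, )suiddir(,|[)])/ {
        sub(/^.* on /, "", $1)   # drop "device on ", keep the mount point
        print $1
    }'
}

# Print every directory under $1 that has the SUID bit set and is writable
# by group or others. On a suiddir mount, files created there by any of
# those users end up owned by the directory owner, so ownership no longer
# shows who wrote or last replaced a file.
# -xdev keeps the walk on the file system that was named.
suid_shared_dirs() {
    find "$1" -xdev -type d -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) -print
}

# Audit the running system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    mount | suiddir_mounts | while IFS= read -r mp; do
        suid_shared_dirs "$mp"
    done
fi
```

Directories it reports are the ones where the ownership of a file cannot be used to tell who uploaded or modified it, so integrity of shared executables there has to be checked by other means.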