Re: chown before chmod in gzip.c copy_stat prevents chmod
From: Bob Proulx
Subject: Re: chown before chmod in gzip.c copy_stat prevents chmod
Date: Sat, 16 Jun 2007 19:08:32 -0600
User-agent: Mutt/1.5.9i

Paul Eggert wrote:
> "O'Connor, Russell" <address@hidden> writes:
> > The file gets gzipped in the HPUX NFS case, too, but since the chown
> > works and the chmod fails, everyone but the owner loses access to it,
> > which is not OK.
>
> I suggest using the HP-UX setprivgrp command (or modifying
> /etc/privgroup) so that ordinary users cannot give away their files
> via chown. It's a bit more secure that way, anyway; that's why most
> OSes default to doing it this way nowadays. I suspect HP-UX defaults
> to the insecure behavior for historical reasons only.

Agreed. For HP-UX that is a good suggestion. In particular creating
the following file will do this. It gets loaded at boot time and can
be set interactively with 'sudo setprivgrp -n CHOWN'.

File /etc/privgroup:

    -n CHOWN

> If you do that, you shouldn't need to modify gzip.

Also if you don't do that then there will be a lot of free software
programs that won't work because today almost all assumptions are that
the above is the operating mode. I stopped trying to swim upstream
and converted all of my HP-UX systems years ago and have not had any
issues because of it. Now it is a point of interoperability between
HP-UX and GNU/Linux.
Bob
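
An added example, not part of the original message and not code from gzip: one way to confirm that the setting described above is in effect for a given directory (for instance an NFS mount) is to ask pathconf() and then try an actual giveaway on a scratch file as an unprivileged user. It assumes a POSIX system; the `chownprobe` file name, the `/tmp` default and the target uid are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum giveaway { CHOWN_RESTRICTED, CHOWN_GIVEAWAY_ALLOWED, CHOWN_INCONCLUSIVE };

/* What the system reports for `path`: a positive pathconf() result means
   chown is restricted to privileged processes on that file system. */
static int advertised_restricted(const char *path)
{
    return pathconf(path, _PC_CHOWN_RESTRICTED) > 0;
}

/* Empirical check: create a scratch file in `dir` and try to give it to
   another uid. EPERM is the answer we want to see. */
static enum giveaway probe_giveaway(const char *dir)
{
    char tmpl[4096];
    uid_t me = geteuid();
    uid_t other = (me == 1) ? 2 : 1;  /* constructed target: any uid but ours */
    int fd, rc, saved, n;

    if (me == 0)                      /* root may always chown: proves nothing */
        return CHOWN_INCONCLUSIVE;
    n = snprintf(tmpl, sizeof tmpl, "%s/chownprobe.XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof tmpl || (fd = mkstemp(tmpl)) < 0)
        return CHOWN_INCONCLUSIVE;
    unlink(tmpl);                     /* drop the name first; nothing is left behind */
    rc = fchown(fd, other, (gid_t)-1);
    saved = errno;
    close(fd);
    if (rc == 0)
        return CHOWN_GIVEAWAY_ALLOWED;
    return saved == EPERM ? CHOWN_RESTRICTED : CHOWN_INCONCLUSIVE;
}

int main(int argc, char **argv)
{
    static const char *const verdict[] = { "restricted", "giveaway allowed", "inconclusive" };
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    enum giveaway g = probe_giveaway(dir);

    printf("%s: pathconf reports %s, probe result: %s\n", dir,
           advertised_restricted(dir) ? "restricted" : "not restricted", verdict[g]);
    return g == CHOWN_GIVEAWAY_ALLOWED;  /* non-zero exit if files can be given away */
}
```

Run it as an ordinary user with the directory to check as the only argument; the probe reports "inconclusive" when run as root or when the scratch file cannot be created.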