Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Be careful with this' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Be careful with this
Authored by: gxw on Nov 20, '02 07:50:22PM

The use of +s in chmod can open up some real nasty security holes!!
I have seen a lot of security bulletins come out for Linux due to the use of the "s" bits. If you have executable files tagged with the +s they will run under the permissions of that owner or group (u+s or g+s).
Example:
An executable file that is owned by root and world executable (o+x) will run with root's permissions if the +s attribute is applied to the owner's permissions.

In the case of this hint, if the group membership is set to wheel, and you apply a g+s to an execcutable file, this file will assume wheel's permissions when it is run.

It would probably be better to do something with a umask (don't know where to get more info about umask) or to use chmod & chown with the -R switches (recursive) so you can avoid the +s stuff.



[ Reply to This | # ]
Be careful with this
Authored by: bluehz on Nov 22, '02 09:34:20AM

I am not real up to date on this - but I thought there was a method to give permissions to dir so that anything dropped into the dir assumes those permissions. Is this not correct?

In my case - I have a web dir I drop files into all the time for download but I have to go in and manually give the files web ownership before they are downloadable. Isn't there a method that autosets the permissions?



[ Reply to This | # ]