Re: Proposal: restrict link(2)

Mon, 16 Dec 1996 16:09:25 -0800 (PST)

> Theodore Y. Ts'o:
> > Someone in Devel can trivially give write access to Beta Report merely by
> > leaving a setgid devel program in their home directory.

> I don't see any good reasons why ordinary users should be allowed
> to set set[ug]id bits. Perhaps that should be disallowed (at least
> as an option)? Would it break any standards?

> Marek

I've kept silent for a while about this pollution but I think it's time
to say something.

#1: This is not a kernel issue! This is a security issue! Once anyone
decides what needs to be fixed/updated in the kernel to "fix" any
security problems, the changes are so minor that they are not worth
discussing on a __kernel development list__.

#2: Just because someone sees "no good reason" for something doesn't
mean there is no such reason.

#3: Gratuitously changing kernel interfaces should be avoided whenever
possible. It just reduces the code base which can be run. Even if
there's "no good reason" for something, just the fact that it has been
done that way for many years should be argument enough to keep it,
lacking any __compelling__ argument to the contrary.

That's all, thanks.

Alexander G. Burchell

P.S. Ordinary users running setuid or setgid programs allows ordinary
users to write programs that can be run by many other ordinary users and
share data files in the author's home directory. Any bugs or security
leaks created by such programs are the __AUTHOR'S RESPONSIBILITY__.