> |> > In other variants of Unix, this test is not applied to directories, where
> |> > the setgid bit does not have the same security implications as it does for
> |> > files (rather it signals that BSD group ID behavior is to be used on new
> |> Yes, it does. Anyone who is allowed to create files in that directory can
> |> quite easily start a sgid-program to get membership of the group.
> How that? The setgid bit of a directory is only inherited by directories,
> not by the other types of files.
Not inherited, but it can be set by the owner of the file. (Well, in a
security-aware environment there won't be access to an sgid-directory for
non-group-members, but there you won't need setting back sgid at all,
because the user/admin will do it if necessary before chown'ing.)
Andi
--
Andreas Barth <aba@muenchen.pro-bahn.org> PGP key on request
======PGP fingerprint DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C======
But the half-life of the municipal utilities' plans seems to be getting ever shorter ... Lucas Neubauer