Paul Howarth paul at
Wed Dec 7 15:29:03 UTC 2005

Matthew Miller wrote:
> On Wed, Dec 07, 2005 at 08:12:17AM -0500, Gene Heskett wrote:
>>>>>Cos' that user is only allowed to do cp mv and chmod, not anything
>>>>And thats enough to own the box.
>>If he can cp and mv something malicious, then chown it to a lower 
>>numbered user, I think he could gain root privs if he was suitably 
>>creative.  Maybe not, but it would certainly bear watching/logging IMO.
> ch*mod*, not chown. :)

Regular users can't normally run chown anyway, because these "file 
giveaways" are a well-known security issue.


More information about the fedora-list mailing list