How is a root owned file created by unprevileged user a probem?

[प्रवीण् ए (Praveen A)]

Hi Arky,

 Let define the problem first and then find a solution :-) I raised the
concern in #hurd channel and geot this response

Happy Hacking
Praveen

<j4v4m4n> we had a hurd demo today
<j4v4m4n> so there was this question about security assocated with the
unprevileged "login" user
<j4v4m4n> the files created by the user is owned by root
<j4v4m4n> how can this be explained to a unix guy?
<j4v4m4n> he was very upset with this, I couldn't explain the reasons
<bvk> can a guest *create* files?  i thought he gets only read access -- i
never tried though
<manuel> depends on the fourth set of permission bits
<manuel> j4v4m4n: actually it's set to the owner and group owner of the
parent directory
<manuel> j4v4m4n: how is that a problem?
* OdyX has quit (Read error: 104 (Connection reset by peer))
<manuel> since the setuid/setgid bit is ignored when it's created by an
unprivileged process
* schlesix (n=thomas at xdsl-81-173-230-41.netcologne.de) has joined #hurd
<j4v4m4n> manuel, how can we explain it to a guy from unix background that
anyone can create a file with root as an owner?
<manuel> j4v4m4n: well just ask him why is that a problem
<j4v4m4n> manuel, :-)
<j4v4m4n> manuel, I'll do that
<manuel> the only problem with root-owned files are the setuid/setgid bits,
AFAICS

-- 
"Value your freedom, or you will lose it, teaches history.
`Don't bother us with politics', respond those who don't want to learn."
-- Richard Stallman
Me scribbles at http://www.pravi.co.nr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://gnowledge.org/pipermail/fsug-bangalore/attachments/20060513/1071f246/attachment.html