SUID directories -- security concern?
Bill Sommerfeld
wesommer at athena.mit.edu
Tue Feb 27 12:18:05 AEST 1990
[i.e. If I ask someone to look at /foo/bar, the file they see
should be the one that I see. ]
It all depends on your definition of "same". You seem to imply that
it should always mean "having the exact same bit pattern as contents",
but that's not always meaningful.
If I tell someone to execute "~wesommer/bin/demo" they should wind up
executing the "demo" program appropriate to their machine's CPU type..
I shouldn't have to tell them "if you're on an xxx type of machine,
run "~wesommer/xxxbin/demo".
There are other approaches to this, such as the "compound executable"
found in Domain/OS (essentially an "archive"-like file containing
multiple executable formats; the program loader uses the portion of
the file that it finds interesting).
I agree, CDF's look like a kludge, and can be confusing *because you
have to do something special to see them as CDF's*. However, other
context-dependant-naming schemes which *are* visible using normal
tools -- like the various forms of variant symlinks in Domain/OS and
in other "multi-universe" systems, or the "magic cookie" approach of
the Andrew File System, are not particularly confusing, and are quite
useful.
- Bill
--
Henry Spencer is so much of a | Bill Sommerfeld at MIT/Project Athena
minimalist that I often forget | sommerfeld at mit.edu
he's there - anonymous |
More information about the Comp.unix.wizards
mailing list