Sun, 29 Jun 1997 16:12:22 +0200
On Sun, 29 Jun 1997 10:02:07 -0400 David R Nessl <[log in to unmask]> said:
>The technical problem in Unix is symlinks: a clever user could move
>their /u/username/list-archives directory to another place and create
>the symlink /u/username/list-archives -> newplace.
That assumes the user owns another directory on the system that is not
within the /u/username tree, which on a normal system would not be the
case. There will always be idiots using /tmp for this purpose, but they
will quickly learn that there are, er, drawbacks :-) As for people who
allow world write to their directories and files or use their userid for
password, they shouldn't be surprised if other people are pirating their
directories and loading their bills.
>Then, LISTSERV's archive writing would still work but the `chown -R`
>would not.
Just write your own program that traverses symbolic links; it should take
about 30 min. If you don't want local code, I suspect that security
add-ons exist for AIX which give you ACLs and in general greater control
over file ownership and security. An even simpler alternative would be to
put the per-user directory somewhere that the users can't access at all.
It is actually a very bad idea to put these files under a Joe User
directory where they can be manipulated randomly by someone who does not
necessarily understand what these files are for and how they work.
LISTSERV assumes that the files are not being tampered with by a third
party while it uses them. I'll bet a large sum that the average user will
assume that the digest file is here to be freely edited without worries,
that these weird large unprintable dbwhatever files are designed to be
removed so you can save disk space, and that the other log files can also
be edited freely and without precaution. Then you'll be wondering why you
get strange errors in your LISTSERV log :-) I just don't see any reason
to give users a free run on these files.
>Because of our widespread use of sub-lists, *not* having recursion is
>counter-intuitive to our users!
Maybe but I think this is specific to UFL :-)
Eric
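
The symlink situation discussed in this message, as an added example that is not part of the original post or of LISTSERV: a Python function that reports symlinks at or under a per-user archive directory which resolve outside the user's home tree, without descending through them. The function name and the directory layout built in `demo()` are constructed for illustration.

```python
import os
import tempfile


def find_escaping_links(user_home, archive_dir):
    """Return symlinks at or under archive_dir that resolve outside user_home."""
    home = os.path.realpath(user_home)

    def escapes(path):
        if not os.path.islink(path):
            return False
        return os.path.commonpath([home, os.path.realpath(path)]) != home

    # The archive directory itself may have been moved and replaced by a link.
    if escapes(archive_dir):
        return [archive_dir]  # report it and do not walk through it

    found = []
    # followlinks=False: links below the top are listed but never descended into.
    for root, dirs, files in os.walk(archive_dir, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            if escapes(path):
                found.append(path)
    return sorted(found)


def demo():
    """Build a constructed tree in a temp directory and audit three cases."""
    with tempfile.TemporaryDirectory() as top:
        home = os.path.join(top, "u", "username")
        newplace = os.path.join(top, "newplace")  # outside the user's tree
        os.makedirs(os.path.join(home, "archives", "sub"))
        os.makedirs(os.path.join(home, "plain"))
        os.makedirs(newplace)
        # Case 1: the archive directory replaced by a link to newplace.
        os.symlink(newplace, os.path.join(home, "list-archives"))
        # Case 2: a link inside the archive pointing out of the tree,
        # next to one that stays inside it (not reported).
        os.symlink(newplace, os.path.join(home, "archives", "sub", "out"))
        os.symlink(os.path.join(home, "plain"), os.path.join(home, "archives", "in"))
        result = {}
        for name in ("list-archives", "archives", "plain"):
            hits = find_escaping_links(home, os.path.join(home, name))
            result[name] = [os.path.relpath(p, home) for p in hits]
        return result


if __name__ == "__main__":
    print(demo())
```

The report is a point-in-time check: the directory's owner can change the tree again after it runs, so it does not replace keeping the files where users cannot modify them.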