Re: Feature Request: disallow world-writable files in chmod




From: Joseph D. Wagner
Subject: Re: Feature Request: disallow world-writable files in chmod
Date: Thu, 27 Jun 2013 13:31:19 -0700
User-agent: Roundcube Webmail/0.8.6

On 06/27/2013 1:03 pm, Ben Lentz wrote:

And the kernel devs would never allow it. You may still want to patch your local systems, either chmod or the kernel. However, this will not be accepted upstream.

My suggestion was merely meant to incite thought in the user attempting to set files world-writable, perhaps triggering a discussion with their system administrator about proper usage of

I certainly don't aim to remove S_WOTH from the kernel; I certainly don't think chmod providing some resistance or objection to being used to set this bit would be a bad thing.

Maybe the world isn't ready yet. Oh well, thanks anyway I guess.

Sorry, I wasn't trying to be dismissive. I was trying to point you to a better direction to take this discussion. To the contrary, I think your idea has some merits in certain use-cases, especially on locked-down systems.

If I could wave a magic wand and implement this any way I wanted, I would create it as an optional (bool) selinux policy which prevents members of users_u from adding o+w. The advantages of doing it this way:

  1. Truly secure. Can't be bypassed by another program.
  2. You would have fine-grained control of who's locked out by managing their groups -- users_u, staff_u, root_u, or unconfined_u.
  3. You wouldn't need to be root in order to do it. You could be a non-root member of staff_u.

However, I don't know if the kernel has selinux checks at that particular point in the codepath to support such a policy. Perhaps the selinux guys would already know the answer to this.

Joseph D. Wagner