[TUHS] History of chown semantics

[Clem Cole]

On Thu, Jan 9, 2014 at 2:23 PM, Brian S Walden <tuhs at cuzuco.com> wrote:

> non-su chown worked in pwb, if the caller owned the file. code had to be
> added then to the system call to strip the setuid/setgid bits if you were
> not su, for obvious security reasons.  you didnt see that bit stripping
> in, say the v6/v7 code.



Brian - right as I showed in the code snippet from V6 and PWB.  The idea
came into being with PWB.
The question that is still open is why was it added/need in the first
place?    I always thought is was a crazy/miss feature,

I think the argument is that if you owned the file, you should be allowed
to give it to anyone else [including root] - but that actions opens up a
number of issues (you pointed the big security one that was handled by
and-ing off the SUID/SGID bits).  There are accounting issues as well as
the practical one that Tim and I pointed out with importing of files on a
tape.

As I said, the file give-away feature comes into UNIX with PWB, so I would
ask Mash is he remembers why it was needed and why the SVID folks wanted
it.  As I said, I personally found it not useful/a bad idea/miss-feature.
 I remember that I soon after I learned about it/got bitten by the side
effect, I ran into dmr  and srb at a USENIX and asked them about that a few
other System III features that I found a little strange.   I don't remember
much of the conversation.   But, if there are been a "good" reason I think
I would have remembered it and not always thought it to be a bad idea.

Clem
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20140109/6523915b/attachment.html>