[comp.unix.questions] SysV's chowning makes it hard to track file creators.

lou@hoxna.UUCP (03/16/87)

In article <713@aw.sei.cmu.edu.sei.cmu.edu>, pdb@sei.cmu.edu (Patrick Barron) writes:
> 
> I, for one, wouldn't want there to be any way for a non-root user to make
> it look like I created some random file (like, for instance, writing a program
> to do some anti-social thing like a mkdir/chdir loop, moving it into /usr/tmp,
> and chowning it to me).  Is there any way to track the original creator of
> a file?
> 
	Well, you can't track the original creator easily, but the
evil loop would run under the perpetrator's UID, so you could look
in the accounting files and see which person executed 100,000 mkdirs
at that particular time. (What's accounting like on BSD ?)

> But then again, I use real Unix, not System V :-).

	Nah, SysV is the *real* UNIX (tm).  BSD's, like, a *mutant*
or something. :-)
                                                  lou @ hoxna

pdb@sei.cmu.edu (Patrick Barron) (03/17/87)

I wasn't worried about anyone actually running the thing - my point was that
I'd rather not have non-root users have the ability to create files, then
make it look like *I* created it.  I know all too many sysadmins who would
turn off an account in a flash (as well they should) if they found the account
owner had such a file.

Of course, if some idiot should actually execute the 10000 mkdirs, yes, BSD's
accounting would let you figure out who did it.

--Pat.

guy%gorodish@Sun.COM (Guy Harris) (03/17/87)

> 	Well, you can't track the original creator easily, but the
> evil loop would run under the perpetrator's UID,

Not if it wasn't set-UID, it wouldn't.  Presumably, the intent here
was to trap some unwary user who has the current directory in their
path but not at the end of the path.

Then again, you shouldn't have the current directory as the first
item in your path anyway....

I'm not sure this is a good example of something anti-social you can
do on a system where you can give files away.

> so you could look in the accounting files and see which person executed
> 100,000 mkdirs at that particular time. (What's accounting like on BSD ?)

Similar, considering the basic process accounting code in both
kernels is derived from the V7 code.

Of course, if you didn't have process accounting turned on, this
wouldn't help; process accounting can consume disk space pretty fast,
so not everybody uses it.

> > But then again, I use real Unix, not System V :-).

> 	Nah, SysV is the *real* UNIX (tm).  BSD's, like, a *mutant*
> or something. :-)

Nope, UNIX is defined as "whatever runs on Dennis Ritchie's machine",
so V9 is the only *real* UNIX. :-)
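
The point raised in the thread about having the current directory in the search path anywhere but the end can be checked mechanically. The following is an added example, not part of the original thread; the function name `audit_path` and the PATH strings in its comments are constructed for illustration.

```shell
#!/bin/sh
# audit_path PATHSTRING  (hypothetical helper, added example)
# Prints one line per risky entry: "<position> <kind> '<entry>'"
#   cwd-not-last : "." or an empty entry that is searched before other directories
#   cwd-last     : "." or an empty entry in the final position
#   relative     : any other entry that does not start with "/"
# Returns 1 if a cwd-not-last or relative entry is found, 0 otherwise.
# Constructed inputs: ".:/bin:/usr/bin", "/bin::/usr/bin", "/bin:/usr/bin:."
audit_path() {
    p=$1

    # Count entries: one more than the number of colons.
    # An empty entry (leading, trailing or doubled colon) means the current directory.
    rest=$p
    total=1
    while :; do
        case $rest in
            *:*) rest=${rest#*:}; total=$((total + 1)) ;;
            *)   break ;;
        esac
    done

    i=0
    rc=0
    rest=$p
    while [ "$i" -lt "$total" ]; do
        i=$((i + 1))
        entry=${rest%%:*}                 # text up to the next colon
        case $rest in
            *:*) rest=${rest#*:} ;;       # drop the entry just read
            *)   rest= ;;
        esac
        case $entry in
            ''|.|./)
                if [ "$i" -lt "$total" ]; then
                    echo "$i cwd-not-last '$entry'"
                    rc=1
                else
                    echo "$i cwd-last '$entry'"
                fi ;;
            /*) ;;                        # absolute directory: not flagged
            *)  echo "$i relative '$entry'"
                rc=1 ;;
        esac
    done
    return $rc
}
```

Run it as `audit_path "$PATH"` from a login shell; a non-zero exit status means a directory that depends on where you are standing is searched before a system directory.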