SZIGETI Szabolcs scripsit:
Well, with the same reasoning, we don't need passwords or protection
bits on files, since I can always take a piece of steel pipe and beat
the owner, until he gives out the data, so why bother?
More like beating my argument with a pipe than the owner.
Blocking chown for general users is one level of several controls.
Its specific purpose was to make per-user quotas practical, but since
per-user quotas are as dead as the dodo, it no longer serves any known
purpose. Yes, it blocks a particularly crude substitute for MAC in the
now-unusual case of true timesharing as opposed to single-user clients
and single-purpose servers. But really it is nothing but security by
ceremonial. A better case could be made that it should require root
privilege to perform chmod, or at least any chmod that widens access.
--
You are a child of the universe no less         John Cowan
than the trees and all other acyclic            http://www.ccil.org/~cowan
graphs; you have a right to be here.            cowan(a)ccil.org
--DeXiderata by Sean McGrath