On Fri, 3 Feb 2017 14:29:04 -0500 Michael Orlitzky wrote: > > However, it is no rocket science to write a race-free chown command > > in C: Just open the file and use stat() and fchown() to be sure to > > change only files from the "correct" user. > > > > Since this works on the filehandle and not on the filename, I think > > that there is no possibility for an exploit when this is used in the > > above find loop. > > Not a bad idea... we chould ship that safe-chown utility, and then > tell users how to use it to fix their UIDs. The draft that I wrote up > was for the "fixed UID with random fallback" model, but said utility > could still be useful for people who want to change their running > systems to use the same UIDs that would have been chosen by default. Are you sure that said utility isn’t simply “chown --from”? -- Christopher Head