Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Dec 1998 09:08:56 -0500 (EST)
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Jeff.Bond@nectech.co.uk (Bond Jeffery)
Subject:   Re: Basic Security Question
Message-ID:  <199812181409.JAA18950@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk> from "Bond, Jeffery" at "Dec 18, 98 09:54:54 am"
next in thread | previous in thread | raw e-mail | index | archive | help 
Bond, Jeffery wrote,
> Just because the directory is writable, this doesnt mean the existing files
> in it are too. You won't be able to do 'mv passwd passwd.old'. 

Sorry, that's plain wrong. You can't write to the files, but you _can_
move them or even remove them. Below is the actual screen output of me
testing this with my root and a user account (you can watch the file
containing the output grow as I type ;). The prompt with the '#' is
of course the root account.

[101:/usr/home/cjc/Test]# ls -la
total 4
drwxrwxrwx   2 root  cjc   512 Dec 18 08:56 .
drwxr-xr-x  16 cjc   cjc  1536 Dec 18 08:51 ..
-rw-r-----   1 root  cjc    34 Dec 18 08:56 message.mail
[102:/usr/home/cjc/Test]# touch passwd
[103:/usr/home/cjc/Test]# ls -l
total 1
-rw-r-----  1 root  cjc  265 Dec 18 08:56 message.mail
-rw-r-----  1 root  cjc    0 Dec 18 08:56 passwd
[104:/usr/home/cjc/Test]# su cjc
[101:~/Test] mv passwd passwd.old
[102:~/Test] ls -la
total 4
drwxrwxrwx   2 root  cjc   512 Dec 18 08:57 .
drwxr-xr-x  16 cjc   cjc  1536 Dec 18 08:51 ..
-rw-r-----   1 root  cjc   484 Dec 18 08:57 message.mail
-rw-r-----   1 root  cjc     0 Dec 18 08:56 passwd.old
[103:~/Test] rm -f passwd.old
[104:~/Test] ls -la
total 4
drwxrwxrwx   2 root  cjc   512 Dec 18 08:57 .
drwxr-xr-x  16 cjc   cjc  1536 Dec 18 08:51 ..
-rw-r-----   1 root  cjc   750 Dec 18 08:57 message.mail
[105:~/Test] whoami
cjc
[106:~/Test] exit
[105:/usr/home/cjc/Test]# exit

So, root creates a file 'passwd' with 640 permissions in a 777
directory. cjc then can mv the file and rm it.

You would get the behavior you expect (other users cannot mv or rm
someone elses files) only if the sticky(8) bit is set.

Better change that /etc permission right away. :)
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812181409.JAA18950>