Date: Wed, 29 Feb 2012 16:18:45 +0000 (UTC)
From: jb <jb.1234abcd@gmail.com>
To: freebsd-current@freebsd.org
Subject: Re: negative group permissions?
Message-ID: <loom.20120229T171016-473@post.gmane.org>
References: <20120228092244.GB48977@mech-cluster241.men.bris.ac.uk> <loom.20120228T155607-690@post.gmane.org> <20120228162447.GB58311@mech-cluster241.men.bris.ac.uk> <20120229072458.GA95427@DataIX.net> <20120229085716.GA66484@mech-cluster241.men.bris.ac.uk> <loom.20120229T111136-48@post.gmane.org> <loom.20120229T141955-30@post.gmane.org> <1330527621.1023.27.camel@revolution.hippie.lan>

Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes:

> ...
> It's not a
> directory or executable file in the first place, so making it executable
> for everyone except the owner and group is not some sort of subtle
> security trick, it's just meaningless.
> ...

Is it meaningless?

Example:

# cat /var/spool/output/lpd/.seq
#! /usr/local/bin/bash
touch /tmp/jb-test-`echo $$`

# ls -al /var/spool/output/lpd/.seq
-rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq

# /var/spool/output/lpd/.seq
#
# ls /tmp/jb*
/tmp/jb-test-61789

# chmod 0640 /var/spool/output/lpd/.seq
# ls -al /var/spool/output/lpd/.seq
-rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq
# /var/spool/output/lpd/.seq
su: /var/spool/output/lpd/.seq: Permission denied
#

jb
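
The access decision behind the transcript above, as an added example that is not part of jb's message and is not FreeBSD code: a simplified model of the classic UNIX mode check for a regular file. It assumes no ACLs, MAC policy or noexec mount, and the uid/gid numbers are constructed.

```python
EXEC_ANY = 0o111  # x bit for owner, group or other
R, W, X = 4, 2, 1

def class_bits(mode, file_uid, file_gid, uid, gids):
    """Pick exactly one permission triplet: owner, else group, else other.

    There is no fall-through: a caller matched as owner or group never
    gets the 'other' bits, which is what makes 0641 a "negative" mode.
    """
    if uid == file_uid:
        return (mode >> 6) & 7
    if file_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def may_access(mode, file_uid, file_gid, uid, gids, want):
    """Return True if the caller passes the mode check for the `want` mask."""
    if uid == 0:
        # Superuser: read and write always pass, but execute on a regular
        # file still requires at least one x bit somewhere in the mode.
        return not (want & X) or bool(mode & EXEC_ANY)
    return class_bits(mode, file_uid, file_gid, uid, gids) & want == want

# Constructed identities for the demo (numeric ids are assumptions).
ROOT = (0, {0})
DAEMON_MEMBER = (1001, {1})   # belongs to the file's group
OUTSIDER = (1002, {1002})     # neither owner nor group member
FILE_UID, FILE_GID = 0, 1     # root:daemon, as in the ls output

def demo():
    """Evaluate the two modes from the transcript for each identity."""
    out = {}
    for mode in (0o641, 0o640):
        for name, (uid, gids) in (("root", ROOT),
                                  ("daemon_member", DAEMON_MEMBER),
                                  ("outsider", OUTSIDER)):
            out[(oct(mode), name)] = may_access(
                mode, FILE_UID, FILE_GID, uid, gids, X)
    return out

if __name__ == "__main__":
    for key, allowed in demo().items():
        print(key, "exec allowed" if allowed else "exec denied")
```

In this model an outsider passes the execute check on 0641 but has no read bit, so an interpreter started for a `#!` script could not open the file.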