Date:      Wed, 29 Feb 2012 09:41:05 -0700
From:      Ian Lepore <freebsd@damnhippie.dyndns.org>
To:        jb <jb.1234abcd@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: negative group permissions?
Message-ID:  <1330533665.1023.41.camel@revolution.hippie.lan>
In-Reply-To: <loom.20120229T171016-473@post.gmane.org>
References:  <20120228092244.GB48977@mech-cluster241.men.bris.ac.uk> <loom.20120228T155607-690@post.gmane.org> <20120228162447.GB58311@mech-cluster241.men.bris.ac.uk> <20120229072458.GA95427@DataIX.net> <20120229085716.GA66484@mech-cluster241.men.bris.ac.uk> <loom.20120229T111136-48@post.gmane.org> <loom.20120229T141955-30@post.gmane.org> <1330527621.1023.27.camel@revolution.hippie.lan> <loom.20120229T171016-473@post.gmane.org>

On Wed, 2012-02-29 at 16:18 +0000, jb wrote:
> Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes:
> 
> > ... 
> >  It's not a
> > directory or executable file in the first place, so making it executable
> > for everyone except the owner and group is not some sort of subtle
> > security trick, it's just meaningless.
> > ...
> 
> Is it meaningless ?
> 
> Example:
> # cat /var/spool/output/lpd/.seq 
> #! /usr/local/bin/bash
> touch /tmp/jb-test-`echo $$`
> 
> # ls -al /var/spool/output/lpd/.seq 
> -rw-r----x  1 root  daemon  54 Feb 29 17:05 /var/spool/output/lpd/.seq
> # /var/spool/output/lpd/.seq 
> # 
> # ls /tmp/jb*
> /tmp/jb-test-61789
> 
> # chmod 0640 /var/spool/output/lpd/.seq 
> # ls -al /var/spool/output/lpd/.seq 
> -rw-r-----  1 root  daemon  52 Feb 29 17:11 /var/spool/output/lpd/.seq
> # /var/spool/output/lpd/.seq 
> su: /var/spool/output/lpd/.seq: Permission denied
> #
> 
> jb

I don't understand the point of your example.  You use an example .seq
file which does not contain the data the lpr program puts into that
file.  Instead your file contains executable code, then you show how
negative permissions work on executable files.

My point is that the way this file is used by lpr, it is NOT an
executable file -- it holds a simple ASCII-encoded sequence number.
That seems to be a pretty strong argument that manipulating the exec
permission was not an intentional invocation of negative permissions.

-- Ian