Date: Tue, 03 Jul 2007 13:13:38 +0200 From: "Julian H. Stacey" <jhs@berklix.org> To: Harald Schmalzbauer <h.schmalzbauer@omnisec.de> Cc: freebsd-stable@freebsd.org Subject: Re: regular user can destroy disk label?!? Message-ID: <200707031113.l63BDcZW036403@fire.js.berklix.net> In-Reply-To: <200707031127.07413.h.schmalzbauer@omnisec.de> References: <200707031127.07413.h.schmalzbauer@omnisec.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Harald Schmalzbauer wrote: > Hello, > > accidentally I did 'bsdlabel -w ar0s2' as unprivileged user but it was > successfull. Likely you have a permissions problems. Report result of cd /dev ; ls -l . ar0s2 ad0s2 /sbin/bsdlabel On my 6.2-RELEASE for example I have an unwriteable combo of: dr-xr-xr-x 5 root wheel 512 Jan 1 1970 ./ crw-r----- 1 root operator 0, 110 Jun 21 09:03 ad0s2 crw-r----- 1 root operator 0, 123 Jun 21 11:03 ad0s2a -r-xr-xr-x 2 root wheel 233768 Apr 11 19:43 /sbin/bsdlabel* Either: - You made a typo with ar0s2 & meant ad0s2, - Or you really mean "ar" - man 4 ar reports a comms card ! - /dev/ar0s2 may be some meaningless normal file, not a device, but in /dev/ , writeable by you, from a previous mistake you made as root ? > Is this only possible because there was no mounted filesystem on it? No. Regardless what the code of bsdlabel.c might try, if it doesnt have SUID or SGID bits & isnt run as root, kernel won't allow it to write what it doesnt have permission for. > But I can imagine having data on unmounted filesystems. Possible yes but see above. > Is it intended that regular useres can overwrite the label? No. > That's a big fault in my opinion. No such fault to fear :-) BTW all above is general Unix philospohy, applies equally to Linux, *BSD & commercial Unixes, ref. any book on Unix permissions etc :-) > Best regards, > > -Harry Julian -- Julian Stacey. Munich Computer Consultant, BSD Unix C Linux. http://berklix.com HTML mail unseen. Ihr Rauch=mein allergischer Kopfschmerz. Dump cigs 4 snuff.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707031113.l63BDcZW036403>