Date:      Fri, 18 Dec 1998 09:29:59 -0500
From:      Graeme Tait <graeme@echidna.com>
To:        "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>
Cc:        "'FreeBSD questions'" <questions@FreeBSD.ORG>, "'cjc@cc942873-a.ewndsr1.nj.home.com'" <cjc@cc942873-a.ewndsr1.nj.home.com>
Subject:   Re: Basic Security Question
Message-ID:  <367A66E7.13DE@echidna.com>
References:  <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk>

Bond, Jeffery wrote:
> 
> >Mark Ovens wrote,
> >
> >> and on all the Sparcs running SunOS4.1.3_U1 here are:
> >>
> >> gppsun4:/{8}% ls -ldug etc
> >> drwxrwsrwx 10 bin      staff        2048 Dec 17 09:30 etc
> >>
> >> which is even less secure as it's writable by all!
> >
> >I may be dense. Is that some kind of joke or something? As dense as I
> >am, I know for sure that even I could take any account on a system
> >with permissions like that and have control of root in this many
> >keystrokes:
> >
> >% cd /etc
> >% echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
> >% mv passwd passwd.old
> >% mv passwd.new passwd
> >% su
> >#
> 
> Just because the directory is writable, this doesn't mean the existing files
> in it are too. You won't be able to do 'mv passwd passwd.old'.


As I understand it, file delete and creation are controlled by the 
permissions of the *containing* directory, not the file permissions. It's 
obvious enough it has to be that way for creation, as there is no file to 
have permissions, and logically, what you can (not) create, you should be 
(not) able to delete. If a file lacks write permission for the relevant 
user/group/other category, you will get a warning on deletion, but it can be 
overridden if the appropriate directory permission is write.

The mv command is possible as stated above.

But the hack given didn't work for me - is that because you need to fiddle 
master.passwd?


-- 
Graeme Tait - Echidna
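
The directory-permission rule described in the message above, as an added example that is not part of the original e-mail thread: a small Python model of the classic Unix check for renaming or unlinking a directory entry, usable to audit a directory's mode. It goes beyond the message by also covering the sticky bit used on shared directories; `can_replace_entry`, `demo`, the sample file and the "stranger" uid are constructed for illustration.

```python
import os
import stat
import tempfile


def can_replace_entry(dir_st, file_st, uid, gids=()):
    """Model of the classic Unix check for rename()/unlink() of one entry.

    Only the directory's mode decides; the file's own mode bits are never read.
    ACLs, MAC policies and immutable flags are not modelled.
    """
    if uid == 0:
        return True
    mode = dir_st.st_mode
    if uid == dir_st.st_uid:
        bits = (mode >> 6) & 7          # owner class
    elif dir_st.st_gid in gids:
        bits = (mode >> 3) & 7          # group class
    else:
        bits = mode & 7                 # other class
    if (bits & 0o3) != 0o3:             # need write and search on the directory
        return False
    if mode & stat.S_ISVTX:             # sticky bit: entry or directory owner only
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True


def demo():
    """Evaluate a constructed directory under three modes for an unrelated user."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "passwd")          # constructed sample file
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, 0o444)                     # read-only file, as in the thread
        stranger = os.getuid() + 1                # hypothetical uid owning nothing here
        for dir_mode in (0o777, 0o1777, 0o755):
            os.chmod(d, dir_mode)
            results[dir_mode] = can_replace_entry(os.stat(d), os.stat(path), stranger)
        os.chmod(d, 0o700)                        # restore so cleanup can proceed
    return results


if __name__ == "__main__":
    for mode, ok in demo().items():
        print(f"directory mode {mode:04o}: unrelated user can replace entry = {ok}")
```

The read-only mode on the file changes none of the three answers; only the directory's write/search bits and sticky bit do.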
