Date: Tue, 22 Dec 1998 16:40:07 -0000 From: "Bond, Jeffery" <Jeff.Bond@nectech.co.uk> To: "'cjclark@home.com'" <cjclark@home.com> Cc: "'questions@freebsd.org'" <questions@FreeBSD.ORG> Subject: RE: Basic Security Question Message-ID: <084DD226F592D211988800A024AC583B02B789@exchange.nectech.co.uk>
next in thread | raw e-mail | index | archive | help
I still believe you are wrong. When you su'd to cjc (from root), you still have root priviliges. Check the owner ship of passwd.old after you moved it, its still owned by root. If you logged in as cjc rather than su-ing from root, you will find that I am right, and the mv command will fail. regards, Jeff > -----Original Message----- > From: Crist J. Clark [SMTP:cjc@cc942873-a.ewndsr1.nj.home.com] > Sent: 18 December 1998 14:09 > To: Jeff.Bond@nectech.co.uk > Subject: Re: Basic Security Question > > Bond, Jeffery wrote, > > Just because the directory is writable, this doesnt mean the existing > files > > in it are too. You won't be able to do 'mv passwd passwd.old'. > > Sorry, that's plain wrong. You can't write to the files, but you _can_ > move them or even remove them. Below is the actual screen output of me > testing this with my root and a user account (you can watch the file > containing the output grow as I type ;). The prompt with the '#' is > of course the root account. > > [101:/usr/home/cjc/Test]# ls -la > total 4 > drwxrwxrwx 2 root cjc 512 Dec 18 08:56 . > drwxr-xr-x 16 cjc cjc 1536 Dec 18 08:51 .. > -rw-r----- 1 root cjc 34 Dec 18 08:56 message.mail > [102:/usr/home/cjc/Test]# touch passwd > [103:/usr/home/cjc/Test]# ls -l > total 1 > -rw-r----- 1 root cjc 265 Dec 18 08:56 message.mail > -rw-r----- 1 root cjc 0 Dec 18 08:56 passwd > [104:/usr/home/cjc/Test]# su cjc > [101:~/Test] mv passwd passwd.old > [102:~/Test] ls -la > total 4 > drwxrwxrwx 2 root cjc 512 Dec 18 08:57 . > drwxr-xr-x 16 cjc cjc 1536 Dec 18 08:51 .. > -rw-r----- 1 root cjc 484 Dec 18 08:57 message.mail > -rw-r----- 1 root cjc 0 Dec 18 08:56 passwd.old > [103:~/Test] rm -f passwd.old > [104:~/Test] ls -la > total 4 > drwxrwxrwx 2 root cjc 512 Dec 18 08:57 . > drwxr-xr-x 16 cjc cjc 1536 Dec 18 08:51 .. > -rw-r----- 1 root cjc 750 Dec 18 08:57 message.mail > [105:~/Test] whoami > cjc > [106:~/Test] exit > [105:/usr/home/cjc/Test]# exit > > So, root creates a file 'passwd' with 640 permissions in a 777 > directory. cjc then can mv the file and rm it. > > You would get the behavior you expect (other users cannot mv or rm > someone elses files) only if the sticky(8) bit is set. > > Better change that /etc permission right away. :) > -- > Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?084DD226F592D211988800A024AC583B02B789>