From: rafetmad@cheshire.oxy.edu (David Giller)
Subject: Re: SERIOUS SECURITY PROBLEM (I think)
Date: Tue, 2 Jun 1992 02:26:18 GMT

jgifford@attmail.com wrote:
>I was just logged in as a regular user, and there was a file in my home
>directory that belongs to root, and I did an rm to it
> rm -f test.c
>and this is what I saw:
> rm: remove 'test.c', overriding mode 0644?
>to which I answered yes, and when I did an ls, the file was gone!!
>This didn't happen under .95, .95a, .12, .95c++, but it is happening
>under .96 (don't have the .96a yet)
>I think this is a security risk, but I am not an expert. ;)
>I just wanted everyone to be aware that this can happen, and maybe
>it shouldn't?
No, this is an exception to the normal rules of permissions. Actually,
I guess it IS a normal rule, but it's not part of the basic one, 'if you
don't own it, you can't have it.'
If there is a file in a directory owned by you, you have rights to it, no
matter who owns it. I forget just to what extent the permissions are, but
you have at least the right to delete it.
Notice that you couldn't delete something in the /bin directory, for example.
-Dave
--
David Giller, Box 134  | Q: How many Oregonians does it take to screw in a light
Occidental College     | bulb?  A: Three.  One to replace the bulb, and two to
1600 Campus Road       | fend off all the Californians trying to share the
Los Angeles, CA 90041  | experience.
---------------------------rafetmad@oxy.edu
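
The behaviour discussed in this thread, as an added example that is not part of the original posts: removing a file is a write to the directory that holds it, so the directory's permissions decide the outcome and the file's own mode does not. The helper name `try_remove` and the scratch directory are assumptions made for the demonstration; a read-only file stands in for the root-owned `test.c`, since creating a root-owned file needs root.

```shell
#!/bin/sh
# try_remove DIR_MODE FILE_MODE
# Builds a scratch directory containing test.c with FILE_MODE, sets the
# directory itself to DIR_MODE, attempts rm -f, and prints "removed" or "kept".
try_remove() {
    dir_mode=$1
    file_mode=$2
    scratch=$(mktemp -d) || return 2

    : > "$scratch/test.c"
    chmod "$file_mode" "$scratch/test.c"
    chmod "$dir_mode" "$scratch"

    # rm calls unlink(2), which needs write and search permission on the
    # directory. The file's mode bits are not consulted.
    rm -f "$scratch/test.c" 2>/dev/null || true

    # Restore access so the result can be checked and the scratch dir cleaned.
    chmod 700 "$scratch"
    if [ -e "$scratch/test.c" ]; then
        result=kept
    else
        result=removed
    fi
    rm -rf "$scratch"
    echo "$result"
}

# Writable directory, read-only file: the file goes away.
echo "dir 700, file 444: $(try_remove 700 444)"

# Writable directory, ordinary file: same outcome.
echo "dir 700, file 644: $(try_remove 700 644)"

# Directory without write permission (the /bin situation from the reply):
# an unprivileged user cannot remove the file. Root bypasses this check,
# so the result differs when the script is run as uid 0.
echo "dir 500, file 644: $(try_remove 500 644)"
```
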