From: drew@ophelia.cs.colorado.edu (Drew Eckhardt) Subject: Re: Logging as root....bad idea? Date: 23 Jul 1992 23:10:07 GMT
In article <*6a1H7ren8@atlantis.psu.edu> bairstow@haydn.psu.edu (Steven Bairstow) writes:
>
>What I would like is a new version of rm, where are the lastest sources?
>The version that came on the last root disk allows someone in group other
>to erase a file owned by root in group wheel. Even with the file I'm
>trying to erase set to permissions 600, it will ask if you want to overide
>these permissions and then merrily delete it. I have checked and rm is not
>setuid. What is going on here?
1. Check the permissions on the directory. If it is writeable to you,
but not sticky (bit 1000), you will be able to delete things
in it. /tmp, /usr/tmp, /usr/preserve, and any other world
writeable directories should be sticky too.
2. What is your UID? Under bash, the UID shell variable will be set.
If you have a second entry in the password file with UID
0, that will be treated as root too.