• Next message: Jim Burns: "tcsetpgrp() bug?"
• Previous message: Bill Henning: "Re: FAQ about X386"
• Maybe in reply to: jgifford@attmail.com: "SERIOUS SECURITY PROBLEM (I think)"
• Next in thread: Drew Eckhardt: "Re: SERIOUS SECURITY PROBLEM (I think)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Subject: Re: SERIOUS SECURITY PROBLEM (I think)
Date: Tue, 2 Jun 1992 03:53:19 GMT

   From: jgifford@attmail.com
   Reply-To: jgifford@attmail.com
   Date: Tue, 2 Jun 1992 02:06:55 GMT

   I was just logged in as a regular user, and there was a file in my home
   directory that belongs to root, and I did an rm to it
           rm -f test.c
   and this is what I saw:
           rm: remove 'test.c', overriding mode 0644?
   to which I answered yes, and when i did an ls, the file was gone!!

Standard Unix semantics: If you have write access to the containing
directory, you can delete any file in the directory. BSD systems have
an enhancement where if the sticky bit is set on a directory, only the
owner of the file can delete it. This is why BSD-derived systems have
/tmp set to mode 1777.

Adding this functionality to Linux would not be difficult. A few lines
of code to fs/namei.c.

   I think this is a security risk, but I am not an expert. ;)

Nope, no security risk; at least not from this behavior.

                                                - Ted

• Next message: Jim Burns: "tcsetpgrp() bug?"
• Previous message: Bill Henning: "Re: FAQ about X386"
• Maybe in reply to: jgifford@attmail.com: "SERIOUS SECURITY PROBLEM (I think)"
• Next in thread: Drew Eckhardt: "Re: SERIOUS SECURITY PROBLEM (I think)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]