Re: File Permissions are incorrect. Security flaw in Linux

From: Mathieu Chouquet-Stringer
Date: Wed Oct 01 2003 - 08:10:39 EST


lisanels@xxxxxxxxxxxx ("Lisa R. Nelson") writes:
> [1.] One line summary of the problem:
> A low level user can delete a file owned by root and belonging to group
> root even if the file's permissions are 744. This is not in agreement
> with Unix, and is a major security issue.

That's perfectly normal: the directory where you put your files is writable
by anyone and that's what matters. To remove a file, you don't need
permission on the file but on the container, which is the directory in your
case.
Make the directory 1777 instead of 777 or try the same thing under /tmp.

--
Mathieu Chouquet-Stringer E-Mail : mathieu@xxxxxxxxxxx
Never attribute to malice that which can be adequately
explained by stupidity.
-- Hanlon's Razor --
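Added example, not part of the original message: a Python model of the rule described in the reply (removal is decided by the directory's mode, and the sticky bit restricts it to the owners), together with an audit that lists world-writable directories lacking the sticky bit. The names may_unlink, find_unsafe_dirs and demo are hypothetical; the model assumes an unprivileged caller and ignores ACLs and capabilities.

```python
import os
import stat
import tempfile

def may_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids=()):
    """Model: may an unprivileged caller remove an entry from this directory?"""
    # Select the one permission triplet that applies to the caller.
    if uid == dir_uid:
        bits = (dir_mode >> 6) & 7
    elif dir_gid in gids:
        bits = (dir_mode >> 3) & 7
    else:
        bits = dir_mode & 7
    # Write (2) and search (1) on the directory are required.
    # The file's own mode (744 in the report) is never consulted.
    if bits & 3 != 3:
        return False
    # Sticky bit set: only the file's owner or the directory's owner may remove.
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True

def find_unsafe_dirs(root):
    """Return directories under root that are world-writable without sticky bit."""
    hits = []
    for path, _dirs, _files in os.walk(root):
        mode = os.lstat(path).st_mode
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            hits.append(path)
    return sorted(hits)

def demo():
    """Build a constructed sample tree and return the names the audit flags."""
    with tempfile.TemporaryDirectory() as top:
        for name, mode in (("open", 0o777), ("sticky", 0o1777), ("private", 0o755)):
            path = os.path.join(top, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod so the umask does not alter the mode
        return [os.path.basename(p) for p in find_unsafe_dirs(top)]

if __name__ == "__main__":
    # uid 1000 vs. a root-owned file: 777 directory, then 1777 directory.
    print(may_unlink(0o777, 0, 0, 0, 1000), may_unlink(0o1777, 0, 0, 0, 1000))
    print(demo())
```
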