Re: File Permissions are incorrect. Security flaw in Linux

From: John Bradford
Date: Wed Oct 01 2003 - 10:05:05 EST

Next message: Andrew de Quincey: "Re: [ACPI] p2b-ds blacklisted?"
Previous message: Sam Ravnborg: "Re: How to use module in 2.6"
In reply to: Andreas Schwab: "Re: File Permissions are incorrect. Security flaw in Linux"
Next in thread: Felipe Alfaro Solana: "Re: File Permissions are incorrect. Security flaw in Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quote from Jurjen Oskam <jurjen@xxxxxxxxxxxxxx>:
> On Wed, Oct 01, 2003 at 06:40:13AM -0600, Lisa R. Nelson wrote:
>
> > [1.] One line summary of the problem:
> > A low level user can delete a file owned by root and belonging to group
> > root even if the files permissions are 744. This is not in agreement
> > with Unix, and is a major security issue.
>
> This *is* in agreement with Unix. It works exactly the same on AIX, for
> example.

Interesting, though, POSIX doesn't define the sticky bit. What is
even more interesting is that the chmod manual page answers just about
everything that has come up in this thread, and yet it's still wasting
LKML bandwidth.

John.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew de Quincey: "Re: [ACPI] p2b-ds blacklisted?"
Previous message: Sam Ravnborg: "Re: How to use module in 2.6"
In reply to: Andreas Schwab: "Re: File Permissions are incorrect. Security flaw in Linux"
Next in thread: Felipe Alfaro Solana: "Re: File Permissions are incorrect. Security flaw in Linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]