Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 03 Jul 2007 13:13:38 +0200
From:      "Julian H. Stacey" <jhs@berklix.org>
To:        Harald Schmalzbauer <h.schmalzbauer@omnisec.de>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: regular user can destroy disk label?!? 
Message-ID:  <200707031113.l63BDcZW036403@fire.js.berklix.net>
In-Reply-To: <200707031127.07413.h.schmalzbauer@omnisec.de> 
References:  <200707031127.07413.h.schmalzbauer@omnisec.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
Harald Schmalzbauer wrote:
> Hello,
> 
> accidentally I did 'bsdlabel -w ar0s2' as unprivileged user but it was 
> successfull.

Likely you have a permissions problems.  Report result of 
	cd /dev ; ls -l  . ar0s2 ad0s2 /sbin/bsdlabel

On my 6.2-RELEASE for example I have an unwriteable combo of:
	dr-xr-xr-x   5 root  wheel          512 Jan  1  1970 ./
	crw-r-----  1 root  operator    0, 110 Jun 21 09:03 ad0s2
	crw-r-----  1 root  operator    0, 123 Jun 21 11:03 ad0s2a
	-r-xr-xr-x  2 root  wheel       233768 Apr 11 19:43 /sbin/bsdlabel*

Either:
  - You made a typo with ar0s2 & meant ad0s2,
  - Or you really mean "ar" - man 4 ar reports a comms card !
  - /dev/ar0s2 may be some meaningless normal file, not a device, but in
    /dev/ , writeable by you, from a previous mistake you made as root ?


> Is this only possible because there was no mounted filesystem on it?

No.
Regardless what the code of bsdlabel.c might try, if it doesnt have
SUID or SGID bits & isnt run as root, kernel won't allow it to write
what it doesnt have permission for.

> But I can imagine having data on unmounted filesystems.

Possible yes but see above.

> Is it intended that regular useres can overwrite the label?

No.

> That's a big fault in my opinion.

No such fault to fear :-)
BTW all above is general Unix philospohy, applies equally to Linux, *BSD
& commercial Unixes, ref. any book on Unix permissions etc :-)

> Best regards,
> 
> -Harry
Julian
-- 
Julian Stacey. Munich Computer Consultant, BSD Unix C Linux. http://berklix.com
 HTML mail unseen. Ihr Rauch=mein allergischer Kopfschmerz. Dump cigs 4 snuff.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707031113.l63BDcZW036403>