From: "Crist J. Clark" <cjclark@home.com>
Subject: Re: Basic Security Question
In-Reply-To: <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk> from "Bond, Jeffery" at "Dec 18, 98 09:54:54 am"
To: Jeff.Bond@nectech.co.uk (Bond Jeffery)
Date: Fri, 18 Dec 1998 09:08:56 -0500 (EST)
Reply-To: cjclark@home.com
Sender: owner-freebsd-questions@FreeBSD.ORG

Bond, Jeffery wrote,

> Just because the directory is writable, this doesn't mean the existing files
> in it are too. You won't be able to do 'mv passwd passwd.old'.

Sorry, that's plain wrong. You can't write to the files, but you _can_ move
them or even remove them. Below is the actual screen output of me testing
this with my root and a user account (you can watch the file containing the
output grow as I type ;). The prompt with the '#' is of course the root
account.

[101:/usr/home/cjc/Test]# ls -la
total 4
drwxrwxrwx   2 root  cjc   512 Dec 18 08:56 .
drwxr-xr-x  16 cjc   cjc  1536 Dec 18 08:51 ..
-rw-r-----   1 root  cjc    34 Dec 18 08:56 message.mail
[102:/usr/home/cjc/Test]# touch passwd
[103:/usr/home/cjc/Test]# ls -l
total 1
-rw-r-----   1 root  cjc   265 Dec 18 08:56 message.mail
-rw-r-----   1 root  cjc     0 Dec 18 08:56 passwd
[104:/usr/home/cjc/Test]# su cjc
[101:~/Test] mv passwd passwd.old
[102:~/Test] ls -la
total 4
drwxrwxrwx   2 root  cjc   512 Dec 18 08:57 .
drwxr-xr-x  16 cjc   cjc  1536 Dec 18 08:51 ..
-rw-r-----   1 root  cjc   484 Dec 18 08:57 message.mail
-rw-r-----   1 root  cjc     0 Dec 18 08:56 passwd.old
[103:~/Test] rm -f passwd.old
[104:~/Test] ls -la
total 4
drwxrwxrwx   2 root  cjc   512 Dec 18 08:57 .
drwxr-xr-x  16 cjc   cjc  1536 Dec 18 08:51 ..
-rw-r-----   1 root  cjc   750 Dec 18 08:57 message.mail
[105:~/Test] whoami
cjc
[106:~/Test] exit
[105:/usr/home/cjc/Test]# exit

So, root creates a file 'passwd' with 640 permissions in a 777 directory.
cjc then can mv the file and rm it. You would get the behavior you expect
(other users cannot mv or rm someone else's files) only if the sticky(8)
bit is set.

Better change that /etc permission right away. :)

-- 
Crist J. Clark                           cjclark@home.com
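The rule behind the session above, as an added example that is not part of the original mail: a simplified model of the classic-Unix check for mv/rm inside a directory (directory write bit decides, the entry's own mode is irrelevant, the sticky bit adds an ownership requirement), plus an audit helper that lists world-writable directories lacking the sticky bit. Uids, gids and the sample tree are constructed; ACLs and supplementary groups are ignored.

```python
import os
import stat
import tempfile


def can_remove_entry(dir_mode, dir_uid, dir_gid, entry_uid, uid, gid):
    """May user (uid, gid) mv or rm an entry inside a directory?

    Simplified classic-Unix rule (no ACLs, no supplementary groups): the
    caller needs write permission on the *directory*; the entry's own mode
    is irrelevant.  If the directory has the sticky bit, the caller must
    additionally own the entry or the directory.  Root bypasses all of it.
    """
    if uid == 0:
        return True
    if uid == dir_uid:
        writable = bool(dir_mode & stat.S_IWUSR)
    elif gid == dir_gid:
        writable = bool(dir_mode & stat.S_IWGRP)
    else:
        writable = bool(dir_mode & stat.S_IWOTH)
    if not writable:
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (entry_uid, dir_uid)
    return True


def unsticky_world_writable_dirs(root):
    """Audit helper: directories under root that are world-writable but lack
    the sticky bit, i.e. where any user can mv/rm anyone's files."""
    found = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if not stat.S_ISDIR(mode):
                continue
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                found.append(path)
    return sorted(found)


def demo():
    """Build a constructed sample tree (open/, sticky/, private/) in a temp
    directory and return the names the audit flags.  Returns ['open']."""
    base = tempfile.mkdtemp()
    for name, mode in (("open", 0o777), ("sticky", 0o1777), ("private", 0o755)):
        os.mkdir(os.path.join(base, name))
        os.chmod(os.path.join(base, name), mode)
    return [os.path.basename(p) for p in unsticky_world_writable_dirs(base)]
```

Running `unsticky_world_writable_dirs("/etc")` on a box like the one in the mail would flag the 777 directory; the fix is either removing the world-write bit or, where shared writing is intended (e.g. /tmp), setting the sticky bit.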