From owner-freebsd-questions  Wed Jan 30 21:29:22 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from web21007.mail.yahoo.com (web21007.mail.yahoo.com [216.136.227.61])
	by hub.freebsd.org (Postfix) with SMTP id 253E737B402
	for <freebsd-questions@freebsd.org>; Wed, 30 Jan 2002 21:29:20 -0800 (PST)
Message-ID: <20020131052920.1495.qmail@web21007.mail.yahoo.com>
Received: from [66.3.230.240] by web21007.mail.yahoo.com via HTTP; Thu, 31 Jan 2002 05:29:20 GMT
Date: Thu, 31 Jan 2002 05:29:20 +0000 (GMT)
From: =?iso-8859-1?q?Matt=20Sykes?= <mattmsykes@yahoo.co.uk>
Subject: able to delete root-owned files as non-root
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


xerxes:~> whoami
sykes
xerxes:~> ll testfile 
-rw-r--r--  1 root  wheel  0 Jan 31 00:23 testfile
xerxes:~> rm testfile
override rw-r--r--  root/wheel for testfile? y
xerxes:~> ll testfile
ls: testfile: No such file or directory

Big security problem.

This should never ever happen.

I am unable to find any documentation explaining this.

I checked and my UID isn't 0.

--Matt




__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message