Date: Thu, 31 Jan 2002 00:31:40 -0500 (EST)
From: Tim Wilde <twilde@dyndns.org>
To: Matt Sykes <mattmsykes@yahoo.co.uk>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: able to delete root-owned files as non-root
Message-ID: <Pine.GSO.4.40.0201310030001.20128-100000@quartz.bos.dyndns.org>
In-Reply-To: <20020131052920.1495.qmail@web21007.mail.yahoo.com>
On Thu, 31 Jan 2002, Matt Sykes wrote:

> xerxes:~> whoami
> sykes
> xerxes:~> ll testfile
> -rw-r--r-- 1 root wheel 0 Jan 31 00:23 testfile
> xerxes:~> rm testfile
> override rw-r--r-- root/wheel for testfile? y
> xerxes:~> ll testfile
> ls: testfile: No such file or directory
>
> Big security problem.
>
> This should never ever happen.

Sure it should. If you own the directory this file is in, you have
permission to do this. It's perfectly standard UNIX filesystem behavior.
On my solaris box:

twilde@quartz:~$ ls -lad .
drwxr-xr-x 28 twilde twilde 2048 Jan 31 00:30 .
twilde@quartz:~$ ls -la somefile
-rw-r--r-- 1 root other 0 Jan 31 00:30 somefile
twilde@quartz:~$ rm somefile
rm: somefile: override protection 644 (yes/no)? y
twilde@quartz:~$ ls -la somefile
somefile: No such file or directory
twilde@quartz:~$

The ownership of the directory is what gives you permission to create or
remove files in the directory. You wouldn't be able to EDIT that file as
someone who doesn't have write privs on it, though.

Tim Wilde

--
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
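
Added example, not part of the message above: a small Python model of the rule the reply describes, where removing a file is decided by the permissions on the containing directory while editing is decided by the file's own mode. It goes one step beyond the thread by including the sticky bit, which is how shared directories such as /tmp restrict deletion to the file or directory owner; the uid/gid numbers and the `Ent` type are constructed for illustration, and ACLs and file flags are assumed absent.

```python
import stat
from dataclasses import dataclass

@dataclass
class Ent:
    """Constructed stand-in for the st_mode/st_uid/st_gid of a stat() result."""
    mode: int
    uid: int
    gid: int

def _class_bits(ent, uid, gids):
    """rwx triplet that applies to uid: owner first, then group, then other."""
    if uid == ent.uid:
        return (ent.mode >> 6) & 7
    if ent.gid in gids:
        return (ent.mode >> 3) & 7
    return ent.mode & 7

def can_unlink(directory, target, uid, gids=()):
    """Traditional unlink(2) check: the target's own mode is never consulted."""
    if uid == 0:
        return True
    if _class_bits(directory, uid, gids) & 3 != 3:  # need write (2) + search (1)
        return False
    if directory.mode & stat.S_ISVTX:  # sticky: only file owner or dir owner
        return uid in (target.uid, directory.uid)
    return True

def can_write(target, uid, gids=()):
    """Editing the contents is governed by the file's own write bit."""
    return uid == 0 or bool(_class_bits(target, uid, gids) & 2)

# Constructed sample data mirroring the listings in the thread.
USER = 1001                                 # hypothetical uid for the non-root user
HOME = Ent(0o040755, USER, USER)            # drwxr-xr-x owned by the user
ROOT_FILE = Ent(0o100644, 0, 1)             # -rw-r--r-- owned by root
ROOT_DIR = Ent(0o040755, 0, 0)              # drwxr-xr-x owned by root
STICKY_TMP = Ent(0o041777, 0, 0)            # drwxrwxrwt owned by root

if __name__ == "__main__":
    for name, d in (("HOME", HOME), ("ROOT_DIR", ROOT_DIR), ("STICKY_TMP", STICKY_TMP)):
        print(f"{name:10} unlink={can_unlink(d, ROOT_FILE, USER, {USER})} "
              f"edit={can_write(ROOT_FILE, USER, {USER})}")
```

To keep root-owned files from being removed by an unprivileged user, place them in a directory that user cannot write to, or in a sticky directory the user does not own.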