From owner-freebsd-questions  Wed Jan 30 21:32:12 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from quartz.bos.dyndns.org (quartz.bos.dyndns.org [66.37.218.198])
	by hub.freebsd.org (Postfix) with ESMTP id 65A8D37B41F
	for <freebsd-questions@FreeBSD.ORG>; Wed, 30 Jan 2002 21:31:42 -0800 (PST)
Received: from quartz.bos.dyndns.org (twilde@localhost [127.0.0.1])
	by quartz.bos.dyndns.org (8.12.2/8.12.2) with ESMTP id g0V5VfUD026596;
	Thu, 31 Jan 2002 00:31:41 -0500 (EST)
Received: from localhost (twilde@localhost)
	by quartz.bos.dyndns.org (8.12.2/8.12.2/Submit) with ESMTP id g0V5VeBT026593;
	Thu, 31 Jan 2002 00:31:40 -0500 (EST)
X-Authentication-Warning: quartz.bos.dyndns.org: twilde owned process doing -bs
Date: Thu, 31 Jan 2002 00:31:40 -0500 (EST)
From: Tim Wilde <twilde@dyndns.org>
X-X-Sender: twilde@quartz.bos.dyndns.org
To: =?iso-8859-1?q?Matt=20Sykes?= <mattmsykes@yahoo.co.uk>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: able to delete root-owned files as non-root
In-Reply-To: <20020131052920.1495.qmail@web21007.mail.yahoo.com>
Message-ID: <Pine.GSO.4.40.0201310030001.20128-100000@quartz.bos.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, 31 Jan 2002, [iso-8859-1] Matt Sykes wrote:

> xerxes:~> whoami
> sykes
> xerxes:~> ll testfile
> -rw-r--r--  1 root  wheel  0 Jan 31 00:23 testfile
> xerxes:~> rm testfile
> override rw-r--r--  root/wheel for testfile? y
> xerxes:~> ll testfile
> ls: testfile: No such file or directory
>
> Big security problem.
>
> This should never ever happen.

Sure it should.  If you own the directory this file is in, you have
permission to do this.  It's perfectly standard UNIX filesystem behavior.
On my solaris box:

twilde@quartz:~$ ls -lad .
drwxr-xr-x  28 twilde   twilde      2048 Jan 31 00:30 .
twilde@quartz:~$ ls -la somefile
-rw-r--r--   1 root     other          0 Jan 31 00:30 somefile
twilde@quartz:~$ rm somefile
rm: somefile: override protection 644 (yes/no)? y
twilde@quartz:~$ ls -la somefile
somefile: No such file or directory
twilde@quartz:~$

The ownership of the directory is what gives you permission to create or
remove files in the directory.  You wouldn't be able to EDIT that file as
someone who doesn't have write privs on it, though.

Tim Wilde

-- 
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message