From owner-freebsd-current@FreeBSD.ORG Wed Feb 29 16:41:08 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 89933106564A for ; Wed, 29 Feb 2012 16:41:08 +0000 (UTC) (envelope-from freebsd@damnhippie.dyndns.org) Received: from qmta13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [76.96.27.243]) by mx1.freebsd.org (Postfix) with ESMTP id 6AC3E8FC13 for ; Wed, 29 Feb 2012 16:41:08 +0000 (UTC) Received: from omta15.emeryville.ca.mail.comcast.net ([76.96.30.71]) by qmta13.emeryville.ca.mail.comcast.net with comcast id fqh21i0051Y3wxoADsh8BT; Wed, 29 Feb 2012 16:41:08 +0000 Received: from damnhippie.dyndns.org ([24.8.232.202]) by omta15.emeryville.ca.mail.comcast.net with comcast id fsh71i00D4NgCEG8bsh7VA; Wed, 29 Feb 2012 16:41:08 +0000 Received: from [172.22.42.240] (revolution.hippie.lan [172.22.42.240]) by damnhippie.dyndns.org (8.14.3/8.14.3) with ESMTP id q1TGf55q007665; Wed, 29 Feb 2012 09:41:05 -0700 (MST) (envelope-from freebsd@damnhippie.dyndns.org) From: Ian Lepore To: jb In-Reply-To: References: <20120228092244.GB48977@mech-cluster241.men.bris.ac.uk> <20120228162447.GB58311@mech-cluster241.men.bris.ac.uk> <20120229072458.GA95427@DataIX.net> <20120229085716.GA66484@mech-cluster241.men.bris.ac.uk> <1330527621.1023.27.camel@revolution.hippie.lan> Content-Type: text/plain; charset="us-ascii" Date: Wed, 29 Feb 2012 09:41:05 -0700 Message-ID: <1330533665.1023.41.camel@revolution.hippie.lan> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org Subject: Re: negative group permissions? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Feb 2012 16:41:08 -0000 On Wed, 2012-02-29 at 16:18 +0000, jb wrote: > Ian Lepore damnhippie.dyndns.org> writes: > > > ... > > It's not a > > directory or executable file in the first place, so making it executable > > for everyone except the owner and group is not some sort of subtle > > security trick, it's just meaningless. > > ... > > Is it meaningless ? > > Example: > # cat /var/spool/output/lpd/.seq > #! /usr/local/bin/bash > touch /tmp/jb-test-`echo $$` > > # ls -al /var/spool/output/lpd/.seq > -rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq > # /var/spool/output/lpd/.seq > # > # ls /tmp/jb* > /tmp/jb-test-61789 > > # chmod 0640 /var/spool/output/lpd/.seq > # ls -al /var/spool/output/lpd/.seq > -rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq > # /var/spool/output/lpd/.seq > su: /var/spool/output/lpd/.seq: Permission denied > # > > jb I don't understand the point of your example. You use an example .seq file which does not contain the data the lpr program puts into that file. Instead your file contains executable code, then you show how negative permissions work on exectuable files. My point is that the way this file is used by lpr, it is NOT an executable file -- it holds a simple ascii-encoded sequence number. That seems to be a pretty strong argument that manipulating the exec permission was not an intentional invokation of negative permissions. -- Ian