Date: Mon, 3 Jun 1996 19:15:37 +0200 (MET DST) From: "Mikael Karpberg" <karpen@sea.campus.luth.se> To: freebsd-security@FreeBSD.org Subject: Rm (was [linux-security]) Message-ID: <199606031715.TAA06911@sea.campus.luth.se> In-Reply-To: <199606031515.QAA03397@cadair.elsevier.co.uk> from "Paul Richards" at Jun 3, 96 04:15:57 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Bruce> Root had better know how to clear flags using chflags -R.
> Bruce> FreeBSD's `rm' has been hacked to unconditionally turn off the
> Bruce> user append and immutable flags before attempting removals.
> Bruce> 4.4Lite2's rm still fails to remove user-append/immutable
> Bruce> files.
>
> This doesn't make sense. What's the point of setting the immutable
> flag on something like the kernel if 'rm' has been hacked to disable it?
>
> The normal file permissions would prevent ordinary users from deleting
> it and the one reason I'd want to set the immutable flag would be to
> stop me as root doing something stupid to it.
If you read Burce's text once more, you'll see he says "user append and
immutable flags". USER. That is, if rm is run by ROOT, and only then, will
it ignore the USER APPEND and USER IMMUTABLE flags and just delete is anyway.
This prevents a user from stopping root's rm, but root can still stop it,
since the SUPERUSER APPEND and SUPERUSER IMMUTABLE flags are not ignored.
To be exact: if (!uid && /* only if root */
(st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
!(st_flags & (SF_APPEND|SF_IMMUTABLE))) {
/* go ahead */
}
/Mikael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606031715.TAA06911>