From owner-freebsd-stable@FreeBSD.ORG Wed Nov 29 19:52:44 2006
Message-ID: <456DE503.3090602@hirsch.it>
Date: Wed, 29 Nov 2006 20:52:35 +0100
From: "M.Hirsch"
To: Stefan Lambrev
Cc: freebsd-stable@freebsd.org
Subject: Re: weird permitions
References: <456DB725.6060105@sun-fish.com>
In-Reply-To: <456DB725.6060105@sun-fish.com>
List-Id: Production branch of FreeBSD source code

> Hello,
>
> Can someone explain to me why the following can happen on FreeBSD:
> 1. add 2 users in same group - user test and test-ro in group test
> 2. as user test: cd /home/test ; mkdir test; chmod 775 test; echo "asdasd" > ~/test/del.me
> 3. su - test-ro ; cd /home/test; vim del.me - make changes; force save (:x!)
>
> ls -l
> total 2
> -rw-r--r-- 1 test-ro test 10 Nov 29 18:19 del.me (how is that possible ?)
>
> back "su - test" and try to edit this file - impossible!
>
> I do not know what the RFC says about it, but it is ultra weird for me
> that such ownership takeover is possible.
>
> 6.2-PRERELEASE FreeBSD Fri Oct 27 19:53:30 amd64
>

Correct me if I'm wrong... but you obviously were editing two completely distinct files.

~test/del.me (logged in as "test-ro")
and
~test/test/del.me (logged in as "test")

I fail to see anything odd here.
You seem to have enabled group writable home directories though.

M.
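
Added example, not part of the original message or thread: a single-user shell replay of steps 2 and 3 in a scratch directory, showing that the two `del.me` paths are separate files and checking the group-writable directory mode the reply points to. The scratch paths and function names are hypothetical, and it assumes the home directory itself is mode 775, as the reply suspects.

```shell
#!/bin/sh
# Constructed scratch layout: $1 stands in for /home/test. This is a
# single-user run, so it shows paths and directory modes, not the
# test / test-ro ownership from the thread.

# Print the inode number of a path.
inode_of() {
    ls -di "$1" | awk '{print $1}'
}

# Succeed when both paths exist and name different files.
distinct_files() {
    [ -e "$1" ] && [ -e "$2" ] && [ "$(inode_of "$1")" != "$(inode_of "$2")" ]
}

# Succeed when the directory mode lets group members create entries in it
# (group write + search bits). A new entry is owned by whoever creates it.
group_can_create() {
    [ -n "$(find "$1" -prune -type d -perm -030 -print)" ]
}

# Replay steps 2 and 3 of the quoted message inside the scratch home.
replay_steps() {
    home=$1
    mkdir -p "$home/test"
    # Assumption: the home directory is 775 too, as the reply suspects.
    chmod 775 "$home" "$home/test"
    echo "asdasd" > "$home/test/del.me"          # step 2: ~/test/del.me
    ( cd "$home" && echo "changed" > del.me )    # step 3: editor saves ./del.me
}

# Report what the replay left behind.
report() {
    home=$1
    if distinct_files "$home/del.me" "$home/test/del.me"; then
        echo "del.me and test/del.me are two separate files"
    fi
    if group_can_create "$home"; then
        echo "$home is group-writable: any group member can create files in it"
    fi
}

scratch=$(mktemp -d)
replay_steps "$scratch/home-test"
report "$scratch/home-test"
rm -rf "$scratch"
```

After `chmod 755` on the home directory, `group_can_create` fails for it, and a group member can no longer create a new `del.me` there.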