From owner-freebsd-bugs Wed Dec 8 6:10: 6 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 6441615517 for ; Wed, 8 Dec 1999 06:10:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id GAA83535; Wed, 8 Dec 1999 06:10:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Date: Wed, 8 Dec 1999 06:10:03 -0800 (PST) Message-Id: <199912081410.GAA83535@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Sheldon Hearn Subject: Re: misc/15351: Normal users can over write important system files via ftp. Reply-To: Sheldon Hearn Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR misc/15351; it has been noted by GNATS. From: Sheldon Hearn To: greyleaf@home.net Cc: freebsd-gnats-submit@FreeBSD.ORG Subject: Re: misc/15351: Normal users can over write important system files via ftp. Date: Wed, 08 Dec 1999 16:03:49 +0200 On Tue, 07 Dec 1999 21:49:45 PST, greyleaf@home.net wrote: > It is possible, as a normal users, to use the ftp client to over write > system files with modes of 0664 and group wheel (such as log files in > /var/log). This is true for at least the stock ftp distributed with the > 3.2 release. I think you're mistaken. I think that users who are a part of group wheel can do this, and that's expected behaviour. Before you do your test as a "normal user", type id at the command prompt. Is this normal user part of group wheel? If so, everything's working as it should. :-) Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message