From owner-freebsd-security  Mon Jun 14 11:37:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from claude.akamai.com (access.akamai.com [4.17.143.9])
	by hub.freebsd.org (Postfix) with ESMTP id 3F76E15331
	for <freebsd-security@FreeBSD.ORG>; Mon, 14 Jun 1999 11:37:17 -0700 (PDT)
	(envelope-from dshaw@akamai.com)
Received: (from dshaw@localhost)
	by claude.akamai.com (8.8.7/8.8.7) id OAA05451
	for freebsd-security@FreeBSD.ORG; Mon, 14 Jun 1999 14:37:34 -0400
Date: Mon, 14 Jun 1999 14:37:34 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: reading files.
Message-ID: <19990614143734.B4439@jabberwocky.com>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <Pine.BSF.4.10.9906131445410.7278-100000@fkr.dynip.com> <Pine.GSO.3.96.990614110658.7830A-100000@sol.cs.binghamton.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.5i
In-Reply-To: <Pine.GSO.3.96.990614110658.7830A-100000@sol.cs.binghamton.edu>; from Zhihui Zhang on Mon, Jun 14, 1999 at 11:10:48AM -0400
X-PGP-Fingerprint: 3CB3B415/2048/4D 96 83 18 2B AF BE 45 D0 07 C4 07 51 37 B3 18
X-URL: http://www.jabberwocky.com/
X-Phase-Of-Moon: The Moon is Waxing Crescent (2% of Full)
X-Current-Email-Backlog: 336
X-Pointless-Random-Number: 132
X-Silly-Header: It sure is.
X-Time-Til-Y2K: 28 weeks, 4 days, 10 hours, 24 minutes, 33 seconds
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Jun 14, 1999 at 11:10:48AM -0400, Zhihui Zhang wrote:
> 
> On Sun, 13 Jun 1999, Jason L. Schwab wrote:
> 
> > 
> > I heard that there is a way to read any file on a freebsd system as a
> > normal non-root user.. is this true? if so can some one give me some info
> > on this? thanks.
> 
> Unless you are root or has somehow gotten the root password.  Or you may
> steal the hard drive and examine it elsewhere. BTW, I know Windows-NT has
> a feature that does not allow the Administrator (known as root in Unix) to
> access the file of a normal user.  I wonder if this feature can be added
> to FreeBSD easily. 

It's true that the NT Administrator can't read files that he doesn't have
permission for, but since Administrator controls the ACLs, if he can't
read something, he can trivially just change the permissions and give
himself access!

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message