From owner-freebsd-questions Tue Dec 22 09:05:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA17442 for freebsd-questions-outgoing; Tue, 22 Dec 1998 09:05:47 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA17429 for ; Tue, 22 Dec 1998 09:05:40 -0800 (PST) (envelope-from kpielorz@tdx.co.uk) Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242]) by caladan.tdx.co.uk (8.9.1a/8.9.1) with ESMTP id RAA25486; Tue, 22 Dec 1998 17:05:05 GMT Message-ID: <367FD13F.1F19C977@tdx.co.uk> Date: Tue, 22 Dec 1998 17:05:03 +0000 From: Karl Pielorz Organization: TDX - The Digital eXchange X-Mailer: Mozilla 4.5 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: "Bond, Jeffery" CC: "'cjclark@home.com'" , "'questions@freebsd.org'" Subject: Re: Basic Security Question References: <084DD226F592D211988800A024AC583B02B789@exchange.nectech.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG "Bond, Jeffery" wrote: > > I still believe you are wrong. When you su'd to cjc (from root), you still > have root priviliges. Check the owner ship of passwd.old after you moved it, > its still owned by root. If you logged in as cjc rather than su-ing from > root, you will find that I am right, and the mv command will fail. > > regards, > > Jeff We had a similar problem with our FTP server, users 'owned' their own home directory (which seemed fairly sensible), and as a courtesy we'd put a 'readme.txt' file in each of their home directories, owned by root... We quickly noticed how the users could rename (i.e. mv) the file around though, and 'ye olde readme.txt started ending up as '.rhosts' + others very rapidly (fortunately they couldn't change it's contents)... Thus going to prove, the mere user (because they owned the directory - which is after all only a file), could manipulate the file 'owned' by root... I seem to remember they might even have been able to delete it... They could certainly rename it at will... We now supply the same readme, but with the ownership set to the user... ;-) -Kp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message