On Fri, Jun 12, 1998 at 06:02:47PM +0100, G. Kapetanios wrote:
>
> Hi,
>
> Something very strange has happened to my system. I have my kernels in
> /boot (the usual setup) with permission 644.

um 644... that's um... owner: rwx group: r other: r ? I don't know my octal modes.. forgive me :)

anyway...

> I have never touched that
> after they are created by the kernel-package. I am doing some experiments
> concerning security. So I tried as a user with no root privileges and no
> root group privileges to delete the files /boot/vmlinuz.2.0.0 and
> /boot/vmlinuz.2.0.27 I was asked whether 644 should be overridden I said
> yes and it removed the files !!!! Why ??

ahh well... that means that permissions on the directory are wrong ;)

check this out:

I (as root) make a new dir "test" and give it these perms:

drwxrwxrwx   2 root     root         1024 Jun 12 15:21 test

in test I make this file:

----------   1 root     root            0 Jun 12 15:22 safe

so no one has permission to do ANYTHING to the file.

now as sjc (normal user) in test:

$ cat safe
cat: safe: Permission denied

then:

$ rm safe
rm: remove `safe', overriding mode 0000? y
$ ls -l
total 0
$

ok why does this work?

rm does not access the file... it changes the DIRECTORY

so if the user has write permissions to /boot then they can delete ANY file in /boot even if they don't have access to the file.

BTW this is covered in the "Linux FAQ" under "I just found a huge security hole in 'rm'" (the answer being "No you didn't")

-Steve
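
The behaviour described in the message above, as an added example that is not part of the original post: a small audit helper that reports who can delete entries from a directory, plus a scratch-directory rerun of the mode-0000 experiment. The function names are hypothetical, the script assumes GNU `stat` and `mktemp`, and the sticky-bit case goes beyond what the message covers.

```sh
#!/bin/sh
# Deleting a file is a write to its directory, so the file's own mode is not
# consulted. This classifies a directory by who holds write+search on it.

# dir_delete_risk DIR -> prints world | group | sticky | owner-only
dir_delete_risk() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat: octal mode, e.g. 1777
    mode=$(printf '%04d' "$mode")           # pad so the special-bits digit exists
    special=$(printf '%s' "$mode" | cut -c1)
    group=$(printf '%s' "$mode" | cut -c3)
    other=$(printf '%s' "$mode" | cut -c4)
    # Unlinking needs both w (2) and x (1) on the directory.
    if [ $(( other & 3 )) -eq 3 ]; then
        who=world
    elif [ $(( group & 3 )) -eq 3 ]; then
        who=group
    else
        echo owner-only
        return 0
    fi
    # Sticky bit (1000): only the file's owner, the directory's owner or
    # root may remove an entry, as on /tmp.
    if [ $(( special & 1 )) -eq 1 ]; then
        echo sticky
    else
        echo "$who"
    fi
}

# unlink_ignores_file_mode: repeat the experiment from the message in a
# scratch directory. Returns 0 if a mode-0000 file was removed.
unlink_ignores_file_mode() {
    d=$(mktemp -d) || return 2
    : > "$d/safe"
    chmod 000 "$d/safe"
    rm -f "$d/safe"
    rc=0
    [ ! -e "$d/safe" ] || rc=1
    rmdir "$d" 2>/dev/null || true
    return "$rc"
}

# Audit any directories given on the command line, e.g.: sh audit.sh /boot /tmp
for dir in "$@"; do
    printf '%s: %s\n' "$dir" "$(dir_delete_risk "$dir")"
done
```

A result of `world` or `group` on a directory such as /boot means the accounts in that class can remove files there whatever the files' own modes are.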

