Re: File Permissions are incorrect. Security flaw in Linux

[Felipe Alfaro Solana]

On Wed, 2003-10-01 at 14:40, Lisa R. Nelson wrote:

> [1.] One line summary of the problem:    
> A low level user can delete a file owned by root and belonging to group
> root even if the files permissions are 744.  This is not in agreement
> with Unix, and is a major security issue.

Don't know which Unix you are referring to, but on Solaris and Linux,
the delete (unlink) and create file operations are subject to directory
permissions. Thus, deleting a file requires write permission on the
directory. The write permission on a file allows to modify its contents
and has nothing to do with being able to delete it.

Thus, what you are seeing is completely normal:

1. mkdir /mydir
2. cd /mydir
3. chmod 777 .
4. touch myfile
5. chmod 444 myfile

Anyone will be able to delete "myfile" since the directory where it
belongs (mydir) has full write privileges for anyone.

I recommend you using the sticky bit on shared directories, like /tmp.
If a directory has the sticky bit enabled, a file can only be deleted by
its owner (and root, of course):

1. mkdir /mydir
2. cd /mydir
3. chmod 1777 .
4. touch myfile

Now, "myfile" can only be deleted by its owner (or root), since the
directory where it belongs is marked with the sticky bit.

HTH


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/