Re: FS possible security exposure ?
From: Arjan van de Ven
Date: Sun Dec 25 2005 - 04:42:59 EST
> (when you have hundred of users and hundred of NFS and thousand of
> net groups you don't want a user to edit other file just because he
> has write permission in the patent dir).
if you have write permission in the directory you're allowed to
1) create new files
2) rename existing files
3) delete files
4) rename files over existing files (combo of 2 and 3 sort of)
so an "edit" as you describe is
* create a new file with the new (eg modified) content
* rename the new file over the existing file
that's how reliable editors operate (the rename-over-file is an atomic
operation) to avoid any possibility of dataloss due to crashes etc.
Since the 1-4 rules are pretty much there for all unixes...
Maybe your solaris editor doesn't do editing in this way?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/