Re: FS possible security exposure ?
From: regatta
Date: Sun Dec 25 2005 - 05:10:30 EST
I'm using Vi in Solaris and Vim in Linux. Do you think this is the
problem? (Because when I use "echo BLABAL >> FILE_I_DONT_OWN_IT" it
will give me permission denied in Linux.)
But if you think about it, how could the system allow the user to
modify a file that he doesn't own and doesn't have write privilege
on just because he has write in the parent directory?
Maybe I'm wrong, but is this normal? Please let me know.
BTW: is there any document, article or any page about this so I can
show it to my boss :)
Thanks
On 12/25/05, Arjan van de Ven <arjan@xxxxxxxxxxxxx> wrote:
>
> > (when you have hundreds of users and hundreds of NFS and thousands of
> > net groups you don't want a user to edit other file just because he
> > has write permission in the parent dir).
>
> if you have write permission in the directory you're allowed to
> 1) create new files
> 2) rename existing files
> 3) delete files
> 4) rename files over existing files (combo of 2 and 3 sort of)
>
> so an "edit" as you describe is
> * create a new file with the new (eg modified) content
> * rename the new file over the existing file
>
> that's how reliable editors operate (the rename-over-file is an atomic
> operation) to avoid any possibility of data loss due to crashes etc.
>
> Since the 1-4 rules are pretty much there for all unixes...
> Maybe your Solaris editor doesn't do editing in this way?
--
Best Regards,
--------------------
-*- If Linux doesn't have the solution, you have the wrong problem -*-
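
The sequence described in the quoted reply, as an added example that is not part of the original thread: a read-only file in a directory the user can write to refuses an in-place append but is replaced by create-plus-rename, and the changed inode number shows that the result is a new file. The directory, file name and contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: directory write permission vs. file write permission.
# All paths are constructed; run as an ordinary user (root bypasses mode bits).

demo_dir=$(mktemp -d)              # scratch directory we can write to
target="$demo_dir/report.txt"      # hypothetical file name

# Returns 0 if an in-place append to $target is refused by the file's mode.
inplace_write_denied() {
    if ( printf 'appended\n' >> "$target" ) 2>/dev/null; then
        return 1
    fi
    return 0
}

# Editor-style save: create a new file, then rename it over the old one.
# Only write+search permission on the directory is checked, not the file mode.
replace_by_rename() {
    tmp="$demo_dir/.report.txt.new"
    printf 'modified\n' > "$tmp"   # rule 1: create a new file
    mv -f "$tmp" "$target"         # rule 4: rename over the existing file
}

inode_of() { ls -i "$1" | awk '{ print $1 }'; }

run_demo() {
    printf 'original\n' > "$target"
    chmod 0444 "$target"           # read-only file in a writable directory
    before_inode=$(inode_of "$target")
    if inplace_write_denied; then denied=yes; else denied=no; fi
    replace_by_rename
    after_inode=$(inode_of "$target")
    after_content=$(cat "$target")
    after_mode=$(ls -l "$target" | cut -c1-10)
}

run_demo
echo "in-place append denied: $denied"
echo "content after rename:   $after_content"
echo "inode before/after:     $before_inode / $after_inode"
echo "mode after rename:      $after_mode  (a new file, created under the umask)"
rm -rf "$demo_dir"
```

On a shared directory, the sticky bit (`chmod +t`, as on `/tmp`) restricts rename and delete to the file's owner, the directory's owner and root.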