|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
root permissions
Aleph One (aleph1
panacea.library.ucsb.edu)Thu, 25 Aug 1994 10:08:26 -0700 (PDT)
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Greg Woods: "Re: core symlinks"
- Previous message: Christopher Klaus: "Re: nfsbug"
- Next in thread: KevinTX: "Re: root permissions"
Well, this is not a bug but a question on the design of most Unix systems. It seams to me, and I tried this on Ultrix 4.3, HPUX 9.01, Linux 1.1.x, when root opens a file, being the owner or not, the system does not check the file permissions before granting him access. The same goes for writting and unlinking a file. I belive this is wrong. Root should always be allowed to chmod a file is he needs to, but granting access without checking file permissions is bad. If this were not so, bugs on suids programms that only allow the attacker to write to a file could be made to fail. For example just make /etc/paswd, or /.rhost chmod a-w, and the attacker cant write to them even with root permissions. Of curse root can always chmod them when hes making a change, and then chmod them back. Any comments on this? If you feell bugtraq is not the apropiate place to talk about design place direct me to a better place. a1 http://dfw.net/~aleph1
- Next message: Greg Woods: "Re: core symlinks"
- Previous message: Christopher Klaus: "Re: nfsbug"
- Next in thread: KevinTX: "Re: root permissions"