rm etc. (was: Nasty Security Hole?)
Richard A. O'Keefe
ok at quintus.uucp
Thu Dec 1 00:54:24 AEST 1988
In article <13193 at ncoast.UUCP> allbery at ncoast.UUCP (Brandon S. Allbery) writes:
>As quoted from <730 at quintus.UUCP> by ok at quintus.uucp (Richard A. O'Keefe):
>| % att rm zabbo
>| zabbo: 0 mode ? n
>| % bsd rm zabbo
>| rm: override protection 0 for zabbo? n
>If UUNET is any guide, V.2 on Sequents isn't.
> $ >foo ; chmod 0 foo ; rm foo
> rm: remove foo? n
>
>I've seen the above on quite a few systems of V.2, V.3, and Xenix 5.x
>persuasions.
UNIX System V/386 Release 3.0 80386 says

    foo: 0 mode ?

just like the Sequent. There is more reason to doubt UUNET: the SVID
clearly and explicitly states in RM(BU_CMD) that

    If a file has no write permission
    and the standard input is a terminal,
    its [presumably the file's] permissions are printed
    and a line is read from the standard input.

Something which purports to be V.2 "rm" ought to obey the SVID and
print the permissions *somehow* (though the SVID doesn't specify a
format).
Internationalisation will be a great opportunity to tidy this up.