Nasty Security Hole?
Pat Barron
pat at orac.UUCP
Mon Nov 21 05:08:37 AEST 1988
In article <145 at tree.UUCP> stever at tree.UUCP (Steve Rudek) writes:
>Yeah, unfortunately write permission to a file or directory is an
>all-or-nothing matter. You can't give permission to add a new file to
>a directory without also granting permission to wipe out everything in
>that directory, can you?
4.3BSD lets you do this. If you set the "sticky bit" on a directory,
then nobody will be able to remove files from that directory that they
don't own, even if the directory permissions say otherwise. Lots of
sites have /usr/tmp mode 1777 (read/write/execute by all, with sticky
bit). You can add files, and remove them when you're done, but you
can't unlink someone else's file.
--Pat.
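
An added example, not part of the original post: a shell audit that lists world-writable directories and reports which ones lack the sticky bit described above. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Audits a tree for world-writable directories and reports whether each
# one carries the sticky bit (mode 1000), as in the 1777 /usr/tmp setup.

# make_sample_tree: build a constructed directory tree, print its root.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/open" "$t/private"
    chmod 1777 "$t/shared"   # world-writable with sticky bit
    chmod 0777 "$t/open"     # world-writable, sticky bit missing
    chmod 0755 "$t/private"  # not world-writable, so not reported
    printf '%s\n' "$t"
}

# audit_sticky ROOT: print one line per world-writable directory under ROOT.
#   MISSING <path>  anyone with write access can unlink other users' files
#   OK <path>       sticky bit set, removal limited to each file's owner
audit_sticky() {
    # -perm -0002 matches "other" write; -perm -1000 matches the sticky bit.
    find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        sed 's/^/MISSING /'
    find "$1" -type d -perm -0002 -perm -1000 -print 2>/dev/null |
        sed 's/^/OK /'
}

# Demonstration on the constructed tree.
sample=$(make_sample_tree)
audit_sticky "$sample"
rm -rf "$sample"
```

A directory reported as MISSING can be brought in line with `chmod +t` on that path.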