Nasty Security Hole?

Tony Nardo trn%warper.jhuapl.edu at aplvax.jhuapl.edu
Fri Nov 18 02:30:38 AEST 1988


In article <189 at wyn386.UUCP> mikef at wyn386.UUCP (Mike Faber) writes:
|
|I have wondered something about permissions security for a while, now, too.
|
|Why can a person with read permission only be able to remove the file?  For
|example, if I have a file of data (statistical data, for example), and I need
|for any user in my group to read it as input data into their programs, they
|will have read permission to it, but will also be able to remove it (it
|makes sure you want to, but if Mr. Morris' worm had been destructive, he
|could have wiped out anything that he had READ access to!!!  Is there a point
|I'm missing (Op systems back in college doesn't cover enough.  THere ought to be
|an ethics, or a security chapter in every O/S book.)  

A pity the implementers of UNIX didn't borrow one the idea of having a
separate "delete" bit.  It's one of a number of DEC features I miss.

==============================================================================
ARPA:   trn%warper at aplvax.jhuapl.edu	(dumb mailers)
BITNET:	trn at warper.jhuapl.edu		(also smart APRA mailers)
UUCP:	{backbone!}mimsy!aplcomm!warper!trn

"Those who can do, those who can't teach.  And those who can't do either
 become critics.  That's why there's so many of them."
				A PORTRAIT OF THE ARTIST AS A YOUNG GOD
==============================================================================



More information about the Comp.unix.wizards mailing list