Nasty Security Hole?
Gregg Siegfried
grs at alobar.ATT.COM
Sat Nov 19 14:02:24 AEST 1988
In article <2955 at ingr.UUCP> crossgl at ingr.UUCP (Gordon Cross) writes:
>If you have write access to a directory, you can remove any file it contains
>regardless of the permissions set for that file. This "feature" is not a
>security hole even though it would seem so. I have never liked the way it
>works either since I occasionally desire to protect a file from accidental
>deletion (as one can under VMS). At least rm does ask...
This discussion seems to arise fairly frequently in some of these newsgroups.
I think it's worthwhile to note that in SVR3.2 (and presumably 4.0) this
is no longer necessarily the case. By setting the sticky bit (chmod 1xxx file)
on a directory, users are prevented from removing any files from that directory
except those that they own, even if the directory permissions are 777.
I know that /tmp and /usr/tmp are configured this way by default in 3.2.
>Gordon Cross
Gregg Siegfried
grs at alobar.att.com
AT&T doesn't speak for me, nor I for them.
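
Added example, not part of the original post: a shell check for the configuration discussed above, listing world-writable directories that do not have the sticky bit set. The function names and the scratch directory names are constructed for illustration.

```shell
#!/bin/sh
# Audit for the directory configuration discussed in this thread.
# A world-writable directory without the sticky bit lets any user
# remove files owned by others; with the bit set (mode 1xxx), only
# a file's owner can remove it.

# Print every world-writable directory under ROOT that lacks the sticky bit.
find_unsticky_dirs() {
    root=${1:-/}
    # -perm -0002   : the "other" write bit is set
    # ! -perm -1000 : the sticky bit is not set
    # -xdev         : stay on the filesystem ROOT lives on
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Constructed demonstration: build three directories in a scratch area
# and run the audit over them. Only the 0777 directory is reported.
demo_sticky() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/shared_open" "$scratch/shared_sticky" "$scratch/private"
    chmod 0777 "$scratch/shared_open"     # world-writable, no sticky bit
    chmod 1777 "$scratch/shared_sticky"   # world-writable, sticky (like /tmp)
    chmod 0755 "$scratch/private"         # not world-writable
    # Strip the scratch prefix so the output is stable across runs.
    find_unsticky_dirs "$scratch" | sed "s|^$scratch/||"
    rm -rf "$scratch"
}

demo_sticky
```

To audit a real system, call find_unsticky_dirs with the directory to scan, for example find_unsticky_dirs /usr/tmp.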