Bugtraq mailing list archives

root permissions


From: aleph1 () panacea library ucsb edu (Aleph One)
Date: Thu, 25 Aug 1994 10:08:26 -0700 (PDT)


        Well, this is not a bug but a question on
the design of most Unix systems. It seems to me, and
I tried this on Ultrix 4.3, HPUX 9.01, Linux 1.1.x,
that when root opens a file, being the owner or not, the
system does not check the file permissions before
granting him access. The same goes for writing and
unlinking a file.

        I believe this is wrong. Root should always be
allowed to chmod a file if he needs to, but granting
access without checking file permissions is bad. If
this were not so, bugs in suid programs that only
allow the attacker to write to a file could be made
to fail. For example, just make /etc/passwd or /.rhosts
chmod a-w, and the attacker can't write to them even
with root permissions. Of course root can always chmod
them when he's making a change, and then chmod them back.

        Any comments on this? If you feel bugtraq is
not the appropriate place to talk about design, please
direct me to a better place.

a1
http://dfw.net/~aleph1
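
The behaviour the message describes can be checked with a small probe, given here as an added example that is not part of the original post: it creates a scratch file, removes every write bit (the `chmod a-w` the message proposes), and reports whether a write open is still granted. The function name and the `/tmp` scratch path are assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch file, strip all write bits, then try to open it for
 * writing. Returns 1 if the open succeeded despite the mode, 0 if it was
 * refused with EACCES, -1 on any other error. */
int write_open_ignores_mode(void)
{
    char path[] = "/tmp/dac_probe_XXXXXX";   /* constructed scratch path */
    int fd = mkstemp(path);                  /* created with mode 0600 */
    if (fd < 0)
        return -1;
    close(fd);

    int result = -1;
    if (chmod(path, 0444) == 0) {            /* same effect as chmod a-w */
        fd = open(path, O_WRONLY);
        if (fd >= 0) {
            result = 1;                      /* mode bits were not enforced */
            close(fd);
        } else if (errno == EACCES) {
            result = 0;                      /* mode bits were enforced */
        }
    }
    unlink(path);                            /* clean up the scratch file */
    return result;
}

int main(void)
{
    int r = write_open_ignores_mode();
    printf("euid=%ld: ", (long)geteuid());
    if (r == 1)
        puts("write open succeeded on a 0444 file (mode bits bypassed)");
    else if (r == 0)
        puts("write open refused with EACCES (mode bits enforced)");
    else
        puts("probe failed");
    return r < 0;
}
```

Run as an ordinary user, the open is refused even though the user owns the file; run as root on a traditional Unix system, it succeeds. On current Linux kernels that bypass is tied to the `CAP_DAC_OVERRIDE` capability, so a root process that has had it dropped is refused as well.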


