Bugtraq mailing list archives
root permissions
From: aleph1 () panacea library ucsb edu (Aleph One)
Date: Thu, 25 Aug 1994 10:08:26 -0700 (PDT)
Well, this is not a bug but a question on the design of most Unix systems. It seams to me, and I tried this on Ultrix 4.3, HPUX 9.01, Linux 1.1.x, when root opens a file, being the owner or not, the system does not check the file permissions before granting him access. The same goes for writting and unlinking a file. I belive this is wrong. Root should always be allowed to chmod a file is he needs to, but granting access without checking file permissions is bad. If this were not so, bugs on suids programms that only allow the attacker to write to a file could be made to fail. For example just make /etc/paswd, or /.rhost chmod a-w, and the attacker cant write to them even with root permissions. Of curse root can always chmod them when hes making a change, and then chmod them back. Any comments on this? If you feell bugtraq is not the apropiate place to talk about design place direct me to a better place. a1 http://dfw.net/~aleph1
Current thread:
- core symlinks, (continued)
- core symlinks Aleph One (Aug 24)
- Re: core symlinks Bennett Todd (Aug 24)
- Re: core symlinks Greg Woods (Aug 25)
- Re: core symlinks Terje Normann Marthinussen (Aug 26)
- Re: core symlinks Bennett Todd (Aug 24)
- Re: core symlinks pluvius (Aug 25)
- Re: core symlinks Thomas D. Nadeau (Aug 25)
- Re: core symlinks Thomas D. Nadeau (Aug 25)
- core symlinks Aleph One (Aug 24)
- Re: nfsbug Steve Salvini (Aug 25)
- Re: nfsbug Christopher Klaus (Aug 25)
- Re: nfsbug Rafi Sadowsky (Aug 25)
- root permissions Aleph One (Aug 25)
- Re: root permissions KevinTX (Aug 25)
- Re: root permissions Paul Robinson (Aug 26)
- Re: root permissions Peter Wemm (Aug 26)
- Re: nfsbug Christopher Klaus (Aug 25)