Vulnerability Development mailing list archives
Fwd: permission issues on Apple OSX
From: KF <dotslash () snosoft com>
Date: Sun, 30 Sep 2001 20:37:37 -0700
Begin forwarded message:
<vuln-dev () lists securityfocus com>:ezmlm-reject: fatal: Sorry, I don't accept messages of MIME Content-Type 'multipart/alternative' (#5.2.3)--- Below this line is a copy of the message. Attached is some questions I had on file system permissions. --Apple-Mail-1355773572-2 Content-Disposition: attachment; filename="permissions.txt" Content-Type: text/plain; name="permissions.txt"; x-unix-mode=0644 Content-Transfer-Encoding: quoted-printable I am confused as to how permissions are set on symbolic links and normalfiles created by the average joe schmoe user with standard privs on OSX.=20=My exact version info is ... Darwin Kernel Version 1.3.7: Sat=20 Jun 9 11:12:48 PDT 2001; root:xnu/xnu-124.13.obj~1/RELEASE_PPC=20 on OSX 10.0.4 Build 4Q12. Let me walk you through my confusion.=20Clicked System Prefs then went to users and filled out the form to make =a user. I made sure I did not check the box to allow this user to admin the box Telnet in and login as joeschmoe [osxinsightrrcom:/tmp] root# telnet localhost Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Darwin/BSD (osxinsightrrcom) (ttyp3) login: joeschmoe Password: Welcome to Darwin! [osxinsightrrcom:~] joeschmo% id uid=3D504(joeschmo) gid=3D20(staff) groups=3D20(staff) Looks like the only groups I am in are staff.=20 [osxinsightrrcom:~] joeschmo% pwd /Users/joeschmo [osxinsightrrcom:~] joeschmo% touch file=20 [osxinsightrrcom:~] joeschmo% ls -al file -rw-r--r-- 1 joeschmo staff 0 Sep 30 19:53 file all looks fine here uid=3Djoeschmoe gid=3Dstaff Move to /tmp and do the same thing.=20 This is the first thing I find odd is the file is now=20 uid=3Djoeschmoe and gid=3Dwheel instead of gid=3Dstaff.=20 [osxinsightrrcom:~] joeschmo% cd /tmp [osxinsightrrcom:/tmp] joeschmo% touch file=20 [osxinsightrrcom:/tmp] joeschmo% ls -al file -rw-r--r-- 1 joeschmo wheel 0 Sep 30 20:05 file Now lets try an ln because its even weirder. Now perms are=20 uid=3Droot gid=3Dwheel which makes no sense to me.=20 ( I was attempting to exploit man so don't mind the file names)=20 [osxinsightrrcom:/tmp] joeschmo% ln -s /etc/issue man.000112 [osxinsightrrcom:/tmp] joeschmo% ls -al man.000112 lrwxrwxrwt 1 root wheel 10 Sep 30 20:07 man.000112 -> /etc/issue Same command in my home dir. Whats the deal here? Why is it=20 uid=3Djoeschmoe and gid=3Dstaff here but not in /tmp [osxinsightrrcom:~] joeschmo% ln -s /etc/issue man.000112 [osxinsightrrcom:~] joeschmo% ls -al man.* lrwxr-xr-x 1 joeschmo staff 10 Sep 30 20:10 man.000112 -> /etc/issue /tmp is a Symbolic link to /private so lets see what it looks like [osxinsightrrcom:/private/cores] joeschmo% ls -al /tmp lrwxrwxr-t 1 root admin 11 Sep 30 19:12 /tmp -> private/tmp [osxinsightrrcom:/private/cores] joeschmo% ls -al /private/ total 0 drwxr-xr-x 7 root wheel 194 Sep 30 13:31 . drwxrwxr-t 26 root admin 840 Sep 30 19:12 .. drwxr-xr-x 3 root wheel 264 Apr 27 08:30 Drivers drwxrwxrwt 3 root wheel 58 Sep 30 20:12 cores drwxr-xr-x 59 root wheel 1962 Sep 29 16:51 etc drwxrwxrwt 7 root wheel 194 Sep 30 20:07 tmp drwxr-xr-x 17 root wheel 534 Sep 30 13:31 varcores and tmp seem to have the same perms so the same issue applys there =also [osxinsightrrcom:/private/cores] joeschmo% ln -s /etc/issue man.000112 [osxinsightrrcom:/private/cores] joeschmo% ls -al man.* lrwxrwxrwt 1 root wheel 10 Sep 30 20:12 man.000112 -> /etc/issue Can anyone tell me whats going on here?=20 -KF --Apple-Mail-1355773572-2-- --Apple-Mail-763401367-1--
Current thread:
- Fwd: permission issues on Apple OSX KF (Oct 01)