Re: Security Alert w/ uemacs3.11

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Subject: Re: Security Alert w/ uemacs3.11

Date: Tuesday, November 3, 1992 - 2:49 pm

In article <1992Oct30.183300.14296@athena.mit.edu> zabka@infpav4.kfk.de (Zabka) writes:
quoted text> 
> 1. Logged in as nonprivileged user rza
> 
> 2. rza % ll /etc/profile
> -rw-r--r--    root    root    <date>          /etc/profile
>                               
> 3. rza % emacs /etc/profile
> 
>    ...edit...edit...
>    ^X^S
>  
>  --> uemacs tells me: wrote 23 lines
> 
>               Although the file should have been readonly!
> 
> 4. rza % ll /etc/profile
> -rw-------    rza     users   <date>          /etc/profile
> 
>       !!!!! ___OOOPS!____ !!!!
> 
>  I think everybody should be warned about this behaviour. Haven't looked
>  at the sources yet, but I expect it to be a bug in uemacs rather than in 
>  Linux.

It looks like rza has write permissions on directory /etc.  By default,
uemacs renames the original file to a backup name, then writes the changed
file as a brand-new file, then unlinks the backup after the successful
write.  A user does not have to have write permission on a file to rename
or delete it, just write permission on the **directory** where the file lives.

Check the permissions on /etc - you should find something like:

drwxrwxrwx   root  system     <date>  /etc

-- 
===========================================================================
|     Joe M. Doss, Jr.                     (standard disclaimer applies)  |
|  jdoss@jmd386.lonestar.org                  <insert cute quote here>    |
===========================================================================

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: Security Alert w/ uemacs3.11, Joe M. Doss, (Tue Nov 3, 2:49 pm)

Navigation

Popular discussions


linux-kernel:
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Andi Kleen	Re: [PATCH] Version 3 (2.6.23-rc8) Smack: Simplified Mandatory Access Control Kernel
Paolo Giarrusso	Re: [uml-devel] User Mode Linux still doesn't build in 2.6.23-final.
Jeremy Fitzhardinge	Re: [RFC] Heads up on sys_fallocate()
git:

linux-netdev:
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jarek Poplawski	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Alexey Dobriyan	Re: [GIT]: Networking
Julius R. Volz	[PATCH 18/26] IPVS: Add functions for getting/creating IPv6 connections.
openbsd-misc:

Colocation donated by:

Online users

Syndicate