Well, this is not a bug but a question on the design of most Unix systems. It seams to me, and I tried this on Ultrix 4.3, HPUX 9.01, Linux 1.1.x, when root opens a file, being the owner or not, the system does not check the file permissions before granting him access. The same goes for writting and unlinking a file. I belive this is wrong. Root should always be allowed to chmod a file is he needs to, but granting access without checking file permissions is bad. If this were not so, bugs on suids programms that only allow the attacker to write to a file could be made to fail. For example just make /etc/paswd, or /.rhost chmod a-w, and the attacker cant write to them even with root permissions. Of curse root can always chmod them when hes making a change, and then chmod them back. Any comments on this? If you feell bugtraq is not the apropiate place to talk about design place direct me to a better place. a1 http://dfw.net/~aleph1