home *** CD-ROM | disk | FTP | other *** search
/ NetNews Usenet Archive 1992 #16 / NN_1992_16.iso / spool / comp / security / misc / 806 < prev    next >
Encoding:
Internet Message Format  |  1992-07-23  |  1.0 KB
  1. Path: sparky!uunet!usc!sdd.hp.com!swrinde!elroy.jpl.nasa.gov!ames!news.hawaii.edu!wiliki.eng.hawaii.edu!newsham
  2. From: newsham@wiliki.eng.hawaii.edu (Timothy Newsham)
  3. Newsgroups: comp.security.misc
  4. Subject: Re: root-owned world-writable files
  5. Message-ID: <1992Jul24.045249.19932@news.Hawaii.Edu>
  6. Date: 24 Jul 92 04:52:49 GMT
  7. References: <1992Jul21.201056.662@newshost.lanl.gov> <14htt0INNiep@hilbert.math.ksu.edu> <1992Jul22.153044.5242@jarvis.csri.toronto.edu>
  8. Sender: root@news.Hawaii.Edu (News Service)
  9. Organization: University of Engineering, College of Engineering
  10. Lines: 7
  11. Nntp-Posting-Host: wiliki.eng.hawaii.edu
  12.  
  13. root owned world writeable files can be a problem on systems without
  14. chown...  the problem is that a user who has a world writeable directory
  15. could be invaded by writing the root file, and linking they guys dot files
  16. to it.  The security mechanism to stop such acts is that the file must be
  17. owned by root or the person whos home directory it is (ie. .rhosts).
  18. The guy shouldnt have a world writeable home directory in the first place 
  19. anway...
  20.