home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.os.linux
- Path: sparky!uunet!techbook!kosina
- From: kosina@techbook.com (Martin Kosina)
- Subject: Security problem with "rm"
- Message-ID: <Bz9uF1.1AE@techbook.com>
- Organization: TECHbooks of Beaverton Oregon - Public Access Unix
- Date: Mon, 14 Dec 1992 22:56:39 GMT
- Lines: 39
-
-
- I am having a serious security problem with the 'rm' command.
- I have discovered that non-superusers can REMOVE files owned
- by root. I doubt that such a serious bug could exist in Linux,
- it must be something in my setup:
-
- mkosina:NotSt0PgElMbo:100:6:Martin Kosina:/home/mkosina:/bin/sh
-
- This is the /etc/passwd entry for 'mkosina', my user login.
- This is a file in /etc that I will try to delete:
-
- -rw-r--r-- 1 root root 62 Dec 11 21:02 rc.local
-
- When I do 'rm rc.local' rm responds:
-
- rm: remove `rc.local`, overriding mode 0644?
-
- If I than say yes, it will be DELETED !
-
- All other security works, read-only files deny permissions
- to be over-written, processes refuse to be killed,etc.
-
- I am running an out-of-the-box release of SLS p1-36.
- This MUST be a permission problem somewhere, the only
- thing I can think of is that SOMETHING runs setuid 0.
- It should not be rm, though, here is what it looks like:
-
- -rwxr-xr-x 1 root root 5056 Sep 4 23:20 /bin/rm*
-
- Any Linux gurus out there who can help me ?
- Thanks in advance.
-
- Martin
-
- P.S. If this is indeed a bug in rm (or the unlink sys call ?)
- which I doubt, could you tell me how to upgrade ? I can ftp.
- --
- kosina@techbook.COM Public Access User --- Not affiliated with TECHbooks
- Public Access UNIX and Internet at (503) 220-0636 (1200/2400, N81)
-
