- Path: sparky!uunet!portal!lll-winken!cert!news.sei.cmu.edu!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!cs.utexas.edu!sun-barr!olivea!pagesat!spssig.spss.com!news.oc.com!utacfd.uta.edu!trsvax!rwsys!jmd386!jdoss
- From: jdoss@jmd386.lonestar.org (Joe M. Doss)
- Newsgroups: comp.os.linux
- Subject: Re: Security Alert w/ uemacs3.11
- Message-ID: <1992Nov3.184913.5560@jmd386.lonestar.org>
- Date: 3 Nov 92 18:49:13 GMT
- References: <1992Oct30.183300.14296@athena.mit.edu>
- Organization: JD's home system
- Lines: 40
-
- In article <1992Oct30.183300.14296@athena.mit.edu> zabka@infpav4.kfk.de (Zabka) writes:
- >
- > 1. Logged in as nonprivileged user rza
- >
- > 2. rza % ll /etc/profile
- > -rw-r--r-- root root <date> /etc/profile
- >
- > 3. rza % emacs /etc/profile
- >
- > ...edit...edit...
- > ^X^S
- >
- > --> uemacs tells me: wrote 23 lines
- >
- > Although the file should have been readonly!
- >
- > 4. rza % ll /etc/profile
- > -rw------- rza users <date> /etc/profile
- >
- > !!!!! ___OOOPS!____ !!!!
- >
- > I think everybody should be warned about this behaviour. Haven't looked
- > at the sources yet, but I expect it to be a bug in uemacs rather than in
- > Linux.
-
- It looks like rza has write permissions on directory /etc. By default,
- uemacs renames the original file to a backup name, then writes the changed
- file as a brand-new file, then unlinks the backup after the successful
- write. A user does not have to have write permission on a file to rename
- or delete it, just write permission on the **directory** where the file lives.
-
- Check the permissions on /etc - you should find something like:
-
- drwxrwxrwx root system <date> /etc
-
- --
- ---------------------------------------------------------------------------
- | Joe M. Doss, Jr. (standard disclaimer applies) |
- | jdoss@jmd386.lonestar.org <insert cute quote here> |
- ---------------------------------------------------------------------------
-
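
The save sequence the reply describes (rename to a backup, write a brand-new file, unlink the backup), as an added example that is not part of the original post: it replaces a mode-0444 file without ever opening it for writing, then checks a directory's mode for the condition that lets other users do the same. The `.bak` suffix, the function names and the temporary stand-in file are assumptions made for the illustration, and the sticky-bit test goes beyond what the post mentions.

```python
import os
import stat
import tempfile

def save_via_rename(path, data, backup_suffix=".bak"):
    """Rename the original to a backup, write a brand-new file, unlink the backup."""
    backup = path + backup_suffix            # suffix is an assumption, not uemacs's
    os.rename(path, backup)                  # directory operation: file mode is not consulted
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:           # new inode, owned by whoever is saving
        f.write(data)
    os.unlink(backup)                        # directory operation again

def inode_and_mode(path):
    st = os.stat(path)
    return st.st_ino, stat.S_IMODE(st.st_mode)

def others_can_replace_entries(directory):
    """True if group/other may rename or unlink entries here (writable, no sticky bit)."""
    mode = os.stat(directory).st_mode
    writable = bool(mode & (stat.S_IWGRP | stat.S_IWOTH))
    return writable and not (mode & stat.S_ISVTX)

def demo():
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "profile")  # constructed stand-in for /etc/profile
        with open(target, "wb") as f:
            f.write(b"# original\n")
        os.chmod(target, 0o444)              # read-only file
        before = inode_and_mode(target)
        save_via_rename(target, b"# edited\n")
        after = inode_and_mode(target)
        with open(target, "rb") as f:
            content = f.read()
        os.chmod(d, 0o777)                   # the drwxrwxrwx case from the reply
        wide_open = others_can_replace_entries(d)
        os.chmod(d, 0o755)                   # the usual mode for /etc
        locked_down = others_can_replace_entries(d)
        return before, after, content, wide_open, locked_down

if __name__ == "__main__":
    print(demo())
```

The changed inode number and the 0600 mode on the result match the `-rw------- rza users` listing in the quoted report: the file after the save is a different file from the one root owned.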