Re: user can delete kernel images
On Fri, Jun 12, 1998 at 06:02:47PM +0100, G. Kapetanios wrote:
>
> Hi,
>
> Something very strange has happened to my system. I have my kernels in
> /boot (the usual setup ) with permission 644.
um 644...thats um... owner: rwx group: r other: r ?
I don't know my octal modes..forgive me :)
anyway...
>I have never touched that
> after they are created by the kernel-package. I am doing some experiments
> concerning security. So I tried as a user with no root privileges and no
> root group privileges to delete the files /boot/vmlinuz.2.0.0 and
> /boot/vmlinuz.2.0.27 I was asked whether 644 should be overrided I said
> yes and it removed the files !!!! Why ??
ahh well...that means that permissions on the directory are wrong ;)
check this out:
I (as root) make a new dir "test" and give it these perms:
drwxrwxrwx 2 root root 1024 Jun 12 15:21 test
in test I make this file:
---------- 1 root root 0 Jun 12 15:22 safe
so noone has permission to do ANYTHING to the file.
now as sjc (normal user) in test:
$ cat safe
cat: safe: Permission denied
then:
$ rm safe
rm: remove `safe', overriding mode 0000? y
$ ls -l
total 0
$
ok why does this work? rm does not acess the file...it changes teh DIRECTORY
so if the user has write permisions to /boot then they can
delete ANY file in /boot
even if they don't have acess to thge file.
BTW this is covered in the "Linux FAQ" under "I just found a huge security
hole in 'rm' " (the answer being "No you didn't")
-Steve
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: