Re: Exploit in Upgrade Chain?
On Friday, 2009-02-13 at 11:55:54 +0200, Izak Burger wrote:
> On Thu, Feb 12, 2009 at 10:37 PM, Lupe Christoph <lupe@lupe-christoph.de> wrote:
> > Mode 600 will deny /etc to everybody except root while it will change
> > nothing for root. If you have any services on your system that run under
> > non-root UIDs, and that have config under /etc, you hose them with any
> > mode that removes the eXecute bit for "others".
> Mode 600 (on a directory) lacks the access bit, so even root will have
> a hard time getting much joy out of /etc. You will need at least 700
> to give root access.
But UID 0 ignores the access mode. With root, you can even access
/etc if it has mode 000:
# ls -ld /etc /etc/passwd
d--------- 176 root root 12288 2009-02-13 01:08 /etc
-rw-r--r-- 1 root root 2292 2008-10-30 16:54 /etc/passwd
Lupe Christoph
--
| There is no substitute for bad design except worse design. |
| /me |
Reply to: