Re: user can delete kernel images (cont)
On Fri, 12 Jun 1998, Steve Mayer wrote:
> I noticed this on my one remaining bo machine. Hamm seems to have
> taken care of this bug.
>
> G. Kapetanios wrote:
> >
> > Following to my previous email I have to say some things.
> >
> > the /boot directory in my machine is
> >
> > drwxrwsr-x 2 root disk 2048 Jun 12 17:58 boot
> > the user who can do that belongs to the disk group but the file which was
> > deleted (/boot/vmlinuz.2.0.0) does not belong to the disk group it is
> > root.root So obviously although I hadn;t realised that before if a group
> > you belong to owns a directory which is writable by the group you can
> > delete stuff from it without owning
> > the files and without belonging to the group which owns the files. Is this
> > safe ?? More importantly I don't know if this is a bug of the installation
> > procedure about 1 1/2 years ago but the permission to /boot were set by
> > that procedure and I never changed them. I know users should not probably
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > belong to group disk but I could have damaged my system really bad if I
^^^^^^^^^^^^^^^^^^^^^^^^
> > had no spare kernels. I guess I must remove the user from the disk group
> > as soon as possible.
> >
> > By the way why is /boot writable by the group disk?
I don't know the "correct" permissions for /boot files, but in terms of
security, protecting them from disk-group users will be quite ineffective:
the disk group has write permission for raw disk devices.
The point about who can delete files in a directory is of course covered in
the FAQ under IIRC "I've discovered a HUGE security hole in rm!".
Cheers,
--
Email: d.wright@open.ac.uk Tel: +44 1908 653 739 Fax: +44 1908 655 151
Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer: These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: