Re: user can delete kernel images (cont)

To: Steve Mayer <smayer@rtd.com>
Cc: "G. Kapetanios" <gk205@cus.cam.ac.uk>, debian-user@lists.debian.org
Subject: Re: user can delete kernel images (cont)
From: David Wright <D.Wright@open.ac.uk>
Date: Mon, 15 Jun 1998 14:40:39 +0100 (BST)
Message-id: <[🔎] Pine.SOL.3.91.980615143302.15990A-100000@tyne>
In-reply-to: <[🔎] 3581645C.854022CF@rtd.com>

On Fri, 12 Jun 1998, Steve Mayer wrote:

>   I noticed this on my one remaining bo machine.  Hamm seems to have
> taken care of this bug.
> 
> G. Kapetanios wrote:
> > 
> > Following to my previous email I have to say some things.
> > 
> > the /boot directory in my machine is
> > 
> > drwxrwsr-x   2 root     disk         2048 Jun 12 17:58 boot
> > the user who can do that belongs to the disk group but the file which was
> > deleted (/boot/vmlinuz.2.0.0) does not belong to the disk group it is
> > root.root So obviously although I hadn;t realised that before if a group
> > you belong to owns a directory which is writable by the group you can
> > delete stuff from it without owning
> > the files and without belonging to the group which owns the files. Is this
> > safe ?? More importantly I don't know if this is a bug of the installation
> > procedure about 1 1/2 years ago but the permission to /boot were set by
> > that procedure and I never changed them. I know users should not probably
                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > belong to group disk but I could have damaged my system really bad if I
    ^^^^^^^^^^^^^^^^^^^^^^^^
> > had no spare kernels. I guess I must remove the user from the disk group
> > as soon as possible.
> > 
> > By the way why is /boot writable by the group disk?

I don't know the "correct" permissions for /boot files, but in terms of
security, protecting them from disk-group users will be quite ineffective:
the disk group has write permission for raw disk devices.

The point about who can delete files in a directory is of course covered in
the FAQ under IIRC "I've discovered a HUGE security hole in rm!".

Cheers,

-- 
Email:  d.wright@open.ac.uk   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: user can delete kernel images (cont)
  - From: Steve Mayer <smayer@rtd.com>

Prev by Date: Re: Install problem
Next by Date: xkoules locked my system
Previous by thread: Re: user can delete kernel images (cont)
Next by thread: Re: user can delete kernel images (cont)
Index(es):
- Date
- Thread