[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: problem with chmod



In <Pine.LNX.4.64.0904030026100.14856@bretnewworkstation.busby.net>, Bret 
Busby wrote:
>had set the permissions on the . file of his account, to 000, and, as
>such, had made the . file on his account, completely inaccessible to
>everyone, including the superuser, and, as the . file is the root of the
>account, he had effectively made his account, totally inaccessible to
>everyone, including the superuser.

Outside of enhanced access controls like SELinux and AppArmor, processes 
with the euid of 0 ignore permission bits.  Even if you chmod 000 a file on 
purpose, a superuser can chmod it to whatever they like, read the entire 
contents (and commit them to memory), replace the contents with half-truths 
about your love-life--basically whatever they want.

>>From memory, it was on a SCO UNIX System V system, running on a LabTam

While I haven't logged in to a SCO UNIX system, ever, I highly doubt that 
they would prevent the superuser from changing permissions on a file, even 
if it was chmod 000.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: