Hosting Provided By

Re: deny deleting a file for users.. trying a solution

From: Brian Hatch <focus-linux(at)ifokr.org>
Date: Thu Jun 05 2003 - 12:37:51 EDT

> > It has only one problem if user knows about chmod and chown

If they own their home dir, then they could change the ownership of the file to them in a roundabout way

	$ cd $HOME		# go home
	$ chmod u+w .		# make sure I can write my home dir
	$ cp file newfile	# copy the file owned by someone else
	$ rm file		# I have +wx to my home dir, I can
				# delete other people's files.
	$ mv newfile file	# rename it back

Also, note that on some unix-like operating systems you can use chown itself to change a file you own to be owned by someone else. This is commonly known as 'file givaways' and is a bad idea in general (let's you get around quotas, for example.) Has nothing to do with this thread, but thought I should bring it up. On one of these unix-like systems, it would be possible to change the ownership of one of your files to anybody, regardless of directory perms, and to yourself or anybody else if you have write perms to the directory using the example above.

Linux is not stupid enough to allow file givaways.

--
Brian Hatch                  Join the Army,
   Systems and                meet interesting
   Security Engineer          people, kill them.
http://www.ifokr.org/bri/

Every message PGP signed

application/pgp-signature attachment: stored

Received on Fri Jun 6 11:37:25 2003

This message: [ Message body ]
Next message: Mike Hoskins: "Re: deny deleting a file for users"
Previous message: Brian Hatch: "Re: deny deleting a file for users"
In reply to Glynn Clements: "Re: deny deleting a file for users.. trying a solution"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:20 EDT

Do you need help?