Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uwm.edu!cs.utexas.edu!usc!snorkelwacker!bloom-beacon!eru!hagbard!sunic!mcsun!hp4nl!tuegate.tue.nl!svin02!eba!ebg!volf
From: volf@ebg.eb.ele.tue.nl (frank volf)
Newsgroups: comp.sys.apollo
Subject: DM editor ignoring directory write access???
Message-ID: <831@eba.eb.ele.tue.nl>
Date: 28 Sep 90 11:06:39 GMT
Sender: news@eb.ele.tue.nl (The News system)
Reply-To: volf@eb.ele.tue.nl
Organization: Digital Systems Group, Technical Univ. Eindhoven, The Netherlands.
Lines: 48

I have a question. I was just hacking around on our Apollos (SR10.2 / BSD4.3)
and I noticed something strange (i.e. I think it is strange). I'll show you the
problem using a sample session.

First of all, I'm logged in on the Display Manager under my own account 'volf'.
Then I go to someone else's account 'maxad' (don't worry, maxad is just another
me) and go to some directory called junk for which I don't have any write
access!

ebg{volf}[//ebg/users/volf] 17 > cd ~maxad/junk
ebg{volf}[//ebk/users/maxad/junk] 18 > ll
total 3
1 drwxr-xr-x 1 maxad 1024 Sep 28 09:11 .
1 drwxrwxr-x 1 maxad 1024 Sep 28 09:11 ..
1 -rw-r--r-- 1 volf    24 Sep 28 09:11 test

The file test in this directory is owned by me and therefore I can edit it.
I do this using the DM editor. After I finished editing, I ask for a directory
list.

ebg{volf}[//ebk/users/maxad/junk] 19 > ll
total 4
1 drwxr-xr-x 1 maxad 1024 Sep 28 09:13 .
1 drwxrwxr-x 1 maxad 1024 Sep 28 09:11 ..
1 -rw-r--r-- 1 volf    49 Sep 28 09:13 test
1 -rw-r--r-- 1 volf    24 Sep 28 09:11 test.bak
ebg{volf}[//ebk/users/maxad/junk] 20 >

The directory now contains two entries!! But I don't have any write access to
the directory.

Here are my questions. How is it possible for the DM to create an entry in a
directory for which I don't have write access? If creating a .bak file is no
problem, is it possible (in some nasty way) to create an arbitrary file in an
arbitrary directory? In that case we have a BIG security problem.

Thanx,
Frank

Frank Volf (volf@eb.ele.tue.nl)
Eindhoven University of Technology
Digital Systems Group, Room EH10.08
P.O. 513, 5600 MB Eindhoven, The Netherlands