Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!news.cs.indiana.edu!arizona.edu!arizona!optima.UUCP
Newsgroups: comp.unix.admin
Subject: Re: Possible security problem, need information..
Message-ID: <873@optima.cs.arizona.edu>
From: ric@optima.UUCP (Ric Anderson,GS-746,6214048,)
Date: 19 Mar 91 23:00:17 GMT
Sender: news@cs.arizona.edu
References: <1991Mar19.194216.5763@kithrup.COM>
Lines: 27

From article <1991Mar19.194216.5763@kithrup.COM>, by sef@kithrup.COM (Sean Eric Fagan):
> In article <1991Mar19.151145.11208@decuac.dec.com> mjr@hussar.dco.dec.com (Marcus J. Ranum) writes:
>>>"ls -ld /" is "drwxrwxrwt".
>> mv /bin /...
>
> Won't work. Notice the sticky-bit is set on /. That means you cannot delete
> or rename files that you do not own. You can create new files and
> directories in /, but that's about it. So it's less insecure than it
> appears.
> Sean Eric Fagan sef@kithrup.COM

The sticky bit is NOT (repeat NOT) implemented on all systems.

If the sticky bit is implemented CORRECTLY, then the worst I can do is
create a file in /, and make it grow till "/" fills up. This is good
for a crash on some systems :-)

However, if the sticky bit is unimplemented, or is implemented half
heartedly, then you can move files you own on top of files someone else
owns (even though you may not be able to rm files owned by others).

Ric

Ric Anderson                      Member of the Technical Staff
University of Arizona             Internet: ric@cs.arizona.edu
Department of Computer Science    UUCP: uunet!arizona!ric
Gould-Simpson Room 721            Bitnet: ric%cs.arizona.edu@arizona.bitnet
Tucson, Arizona 85721             AT&T: (602) 621-4048
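
Added example, not part of the original post: a shell audit for the directory modes discussed in this thread, separating world-writable directories that carry the sticky bit (the `drwxrwxrwt` case) from those that do not. The function names `classify_dir` and `audit_tree` are made up for this example.

```shell
#!/bin/sh
# Added example: audit the world-write and sticky bits on directories.
# The mode bits only show what was requested. Whether the kernel actually
# enforces the sticky bit on directories is system-dependent, which is the
# point the post makes, so treat "sticky" as "configured", not "proven safe".

# classify_dir DIR
# Prints one word describing DIR:
#   ok         not world-writable
#   sticky     world-writable, sticky bit set (e.g. drwxrwxrwt)
#   NO-STICKY  world-writable, no sticky bit: any user may rename or
#              remove entries owned by others
classify_dir() {
    d=$1
    if [ ! -d "$d" ]; then
        echo "not-a-directory"
        return 2
    fi
    # -H: follow a symlink given on the command line; -prune: do not descend.
    if [ -n "$(find -H "$d" -prune -type d -perm -0002 ! -perm -1000 -print)" ]; then
        echo "NO-STICKY"
    elif [ -n "$(find -H "$d" -prune -type d -perm -0002 -perm -1000 -print)" ]; then
        echo "sticky"
    else
        echo "ok"
    fi
}

# audit_tree ROOT
# Lists every world-writable directory without the sticky bit under ROOT,
# staying on ROOT's filesystem (-xdev).
audit_tree() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Typical use on a live system (run as an administrator):
#   classify_dir /
#   audit_tree /
```

A result of `sticky` on `/` still leaves the file-creation problem the post describes; only removing world-write from the directory addresses that.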