Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!caen!uwm.edu!bionet!agate!ucbvax!bloom-beacon!bloom-picayune.mit.edu!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.admin
Subject: Re: Possible security problem, need information...
Message-ID: <1991Mar20.234927.20082@athena.mit.edu>
Date: 20 Mar 91 23:49:27 GMT
References: <1991Mar18.200957.166@gacvx2.gac.edu> <1991Mar20.165442.7210@ux1.cso.uiuc.edu>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 28

In article <1991Mar20.165442.7210@ux1.cso.uiuc.edu>, edotto@ux1.cso.uiuc.edu (Ed Otto) writes:
|> But seriously, I think that this is not a problem as mine is the same way.
|> I think that world MUST have write access to the root fs, because otherwise
|> I don't think that you could write ANYTHING on the entire file system unless
|> you were logged in as 'root'...

  What exactly do you mean by this?

% pwd
/site/tmp
% ls -ldg / /site /site/tmp
drwxr-xr-x 18 root wheel 512 Mar 20 18:19 //
drwxr-xr-x 5 root wheel 512 Mar 20 15:39 /site/
drwxrwxrwt 3 root wheel 4096 Mar 20 18:47 /site/tmp/
% touch foobar
% whoami
jik

  To write to a directory, you only need *execute* permission on all the
directories above it, and *write* permission to the directory itself.  A Unix
that required write access to all parent directories would be a strange kind
of Unix indeed, and nothing like any I've ever come across.

-- 
Jonathan Kamens                         USnail:
MIT Project Athena                      11 Ashford Terrace
jik@Athena.MIT.EDU                      Allston, MA  02134
Office: 617-253-8085                    Home: 617-782-0710
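
Added example, not part of the original post: a mode-bit audit of the rule stated above, run against a constructed temporary tree that stands in for /, /site and /site/tmp. The names `class_bits`, `can_create_in`, `demo` and the `top` parameter are hypothetical; the check also requires search (x) on the target directory itself, which creating an entry needs alongside write.

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) of the single permission class that applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_create_in(target, uid, gids, top="/"):
    """Mode-bit check only: does not model root, ACLs or read-only mounts."""
    top, target = os.path.realpath(top), os.path.realpath(target)
    rel = os.path.relpath(target, top)
    if rel.split(os.sep)[0] == os.pardir:
        raise ValueError("target is not below top")
    chain = [top]
    for part in rel.split(os.sep):
        if part != os.curdir:
            chain.append(os.path.join(chain[-1], part))
    for d in chain[:-1]:  # every directory above the target needs x only
        if not (class_bits(os.stat(d), uid, gids) & 1):
            return False, "no search (x) on " + os.path.relpath(d, top)
    # the target itself: w to add the entry, x to reach it
    if (class_bits(os.stat(target), uid, gids) & 3) != 3:
        return False, "no write+search (wx) on target"
    return True, "ok"

def demo():
    """Constructed tree; the checked user is a hypothetical non-owner."""
    cases = {  # modes for (top, site, tmp)
        "as_in_post":         (0o755, 0o755, 0o1777),
        "writable_root_only": (0o777, 0o755, 0o755),
        "no_x_on_site":       (0o755, 0o754, 0o1777),
    }
    results = {}
    with tempfile.TemporaryDirectory() as top:
        site = os.path.join(top, "site")
        tmp = os.path.join(site, "tmp")
        os.makedirs(tmp)
        uid, gids = os.stat(tmp).st_uid + 1, set()  # falls in the "other" class
        for name, modes in cases.items():
            for path, mode in zip((top, site, tmp), modes):
                os.chmod(path, mode)
            results[name] = can_create_in(tmp, uid, gids, top)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The second case shows the converse of the post's point: a world-writable top directory grants nothing when the target directory itself is not writable.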