Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!math.fu-berlin.de!tmpmbx!scuzzy!src
From: src@scuzzy.in-berlin.de (Heiko Blume)
Newsgroups: comp.unix.admin
Subject: Re: Possible security problem, need information..
Message-ID: <1991Mar22.000333.22597@scuzzy.in-berlin.de>
Date: 22 Mar 91 00:03:33 GMT
References: <1991Mar19.194216.5763@kithrup.COM> <873@optima.cs.arizona.edu>
Organization: Contributed Software
Lines: 28

ric@optima.UUCP (Ric Anderson,GS-746,6214048,) writes:

>The sticky bit is NOT (repeat NOT) implemented on all systems. If the
>sticky bit is implemented CORRECTLY, then the worst I can do is create
>a file in /, and make it grow till "/" fills up. This is good for a
>crash on some systems :-)

>However, if the sticky bit is unimplemented, or is implemented half
>heartedly, then you can move files you own on top of files someone else
>owns (even though you may not be able to rm files owned by others).

i tried this on isc 2.2.1 as user src:

# [ls]
drwxrwxrwt 15 root root 880 Mar 22 00:44 /tmp
-rw-r--r-- 1 root other 4 Mar 22 00:39 /tmp/test
-rw-r--r-- 1 src src 5 Mar 22 00:39 /tmp/test2
# mv test2 test
mv: test: 644 mode?y
mv: cannot unlink .
mv: permission denied

so the sticky bit works (i tried cp test2 test, echo bla>>test etc too),
but what does the 'mv: cannot unlink .' mean???? ain't got no clue...
-- 
Heiko Blume <-+-> src@scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
public UNIX source archive [HST V.42bis]: scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
uucp scuzzy!/src/README /your/home
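
An added example, not part of the original post and not ISC's code: a Python model of the sticky-directory rule discussed in this thread, assuming the rule as Linux documents it (in a sticky directory only the entry's owner, the directory's owner or root may unlink or rename over an entry), plus a check for world-writable directories that lack the bit. The function names and uid 1001 for src are constructed for this sketch.

```python
import os
import stat

def dir_write_ok(dir_mode, dir_uid, dir_gid, uid, gids=()):
    """Classic owner/group/other test for write+search on the directory."""
    if uid == 0:
        return True
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (dir_mode & need) == need

def may_replace(dir_mode, dir_uid, dir_gid, target_uid, uid, gids=()):
    """May `uid` unlink, or rename a file over, an entry owned by target_uid?"""
    if not dir_write_ok(dir_mode, dir_uid, dir_gid, uid, gids):
        return False
    if not dir_mode & stat.S_ISVTX:
        # No sticky bit: write access to the directory is all that is checked,
        # so anyone who can write there can replace anyone's entry.
        return True
    # Sticky bit set: only the entry's owner, the directory's owner or root.
    return uid in (0, target_uid, dir_uid)

def audit(path):
    """True if `path` is a world-writable directory that lacks the sticky bit."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and bool(st.st_mode & stat.S_IWOTH)
            and not st.st_mode & stat.S_ISVTX)

# Constructed values mirroring the listing in the post: /tmp is root-owned,
# test belongs to root, test2 belongs to src (uid 1001 is made up).
ROOT, SRC = 0, 1001

if __name__ == "__main__":
    for label, mode in (("drwxrwxrwt", 0o1777), ("drwxrwxrwx", 0o777)):
        print(label,
              "src over root's test:", may_replace(mode, ROOT, ROOT, ROOT, SRC),
              "| src removes own test2:", may_replace(mode, ROOT, ROOT, SRC, SRC))
    print("/tmp needs fixing:", audit("/tmp"))
```

With mode 1777 the model denies src the rename over root's file, matching the `mv: permission denied` in the post; with plain 777 it allows it, which is the case the quoted text warns about.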