Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!usc!ucsd!ucbvax!bloom-beacon!eru!hagbard!sunic!dkuug!daimi!protonen
From: protonen@daimi.aau.dk (Lars J|dal)
Newsgroups: comp.os.minix
Subject: Re: Security hole ?!
Keywords: Program: rm"
Message-ID: <1991Apr9.112015.27469@daimi.aau.dk>
Date: 9 Apr 91 11:20:15 GMT
References: <553@ultrix.uhasun.hartford.edu>
Sender: protonen@daimi.aau.dk (Lars J|dal)
Organization: DAIMI: Computer Science Department, Aarhus University, Denmark
Lines: 34

mgallagh@uhasun.hartford.edu (Michael Gallagher) writes:

>  While doing some more testing/looking-about of Minix [1.5], came across
>what I would tend to  certainly call a  potential security problem in 
>Minix:

[In short: You can rm files you have no acces rights for]

>    This would seem to me to be a potential problem. i.e., files that must
>stay world-readable, such as  passwd could be erased....

I have seen the same problem with my ST Minix 1.1, but I thought must have
been corrected long ago, so I haven't reported.
Actually, I couldn't rm the passwd file (of course I had to try :-) ),
seemingly because rm respected the protection of the directory the passwd 
file is in.

>    Anyone know why this would be the case?? I suppose one could just 
>patch rm & re-compile it, but I'm surprised that it is set as such.

I don't know if I'm right, but I would guess that the rm program runs as
a set-uid owned by root. This means that if the program itself does not
check then the OS will not protect you (OS claim: The root is always
right :-) ).

> -mg


|--------------------------------------------------------------------------|
|      Lars J|dal       |       (put your favourite quotation here)        |
| protonen@daimi.aau.dk |                                                  |
|--------------------------------------------------------------------------|
| Computer Science Department  -  Aarhus University  -  Aarhus  -  Denmark |
|--------------------------------------------------------------------------|