Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!crdgw1!uunet!mcsun!hp4nl!utrcu1!mi.eltn.utwente.nl!klamer
From: klamer@mi.eltn.utwente.nl (Klamer Schutte)
Newsgroups: comp.os.minix
Subject: Re: Security hole ?!
Keywords: Program: rm"
Message-ID:
Date: 9 Apr 91 14:29:38 GMT
References: <553@ultrix.uhasun.hartford.edu>
Sender: news@utrcu1.UUCP
Organization: University of Twente, BSC-El
Lines: 23

In <553@ultrix.uhasun.hartford.edu> mgallagh@uhasun.hartford.edu (Michael Gallagher) writes:

> While doing some more testing/looking-about of Minix [1.5], came across
>what I would tend to certainly call a potential security problem in
>Minix:
> Using two accts that were not priv'd, I found that while files created
>by one could not be read, etc with by the other if protections were not set
>for world or group [umask = 77], they COULD be rm'd. In fact, you are
>prompted as to whether you wish to actually remove this file DESPITE that
>its protection code is 700 [no world or group access].

In UNIX a file is deletable (rather, unlinkable, if you get the fine
difference) when the directory in which it resides is writable.
So the directory in which you tried this should have been writable for
both users.

Klamer
-- 
Klamer Schutte
Faculty of electrical engineering -- University of Twente, The Netherlands
klamer@mi.eltn.utwente.nl	{backbone}!mcsun!mi.eltn.utwente.nl!klamer
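
The rule stated in the reply above, as an added example that is not part of the original post: a simplified Python model of the classic UNIX unlink check, evaluated against a real temporary directory. It goes beyond the post by including the sticky-bit restriction that later systems apply to shared directories; the function names, file names and the constructed second uid/gid are assumptions, and ACLs and other extensions are ignored.

```python
import os
import stat
import tempfile

def may_unlink(dir_st, file_st, uid, gids):
    """Simplified model: removing a name needs write + search permission on
    the DIRECTORY. The file's own mode bits are never consulted."""
    if uid == 0:
        return True                      # superuser bypasses the mode check
    if uid == dir_st.st_uid:
        bits = dir_st.st_mode >> 6       # owner class
    elif dir_st.st_gid in gids:
        bits = dir_st.st_mode >> 3       # group class
    else:
        bits = dir_st.st_mode            # other class
    if bits & 0o3 != 0o3:                # need w (2) and x (1) on the directory
        return False
    if dir_st.st_mode & stat.S_ISVTX:    # sticky directory: ownership test as well
        return uid in (file_st.st_uid, dir_st.st_uid)
    return True

def demo():
    """Create a mode-700 file, then ask whether a different, unprivileged
    user could remove it for three directory modes."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        d = os.path.join(top, "shared")
        os.mkdir(d)
        f = os.path.join(d, "private.txt")
        open(f, "w").close()
        os.chmod(f, 0o700)               # no group or world access, as in the post
        fst = os.stat(f)
        # Constructed identity: a uid/gid that owns neither the file nor the dir.
        other_uid = fst.st_uid + 1
        other_gids = [os.stat(d).st_gid + 1]
        for mode in (0o777, 0o755, 0o1777):
            os.chmod(d, mode)
            results[oct(mode)] = may_unlink(os.stat(d), fst, other_uid, other_gids)
    return results

if __name__ == "__main__":
    for mode, allowed in demo().items():
        print(f"directory mode {mode}: other user may unlink = {allowed}")
```

The 0o777 case reproduces the behaviour reported in the quoted post; 0o755 and 0o1777 are the two directory settings under which the other account can no longer remove the file.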