Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!mmdf
From: wjb%cogsci.COG.JHU.EDU@vm1.nodak.edu
Newsgroups: comp.os.minix
Subject: Re: Security hole ?!
Message-ID: <50332@nigel.ee.udel.edu>
Date: 10 Apr 91 22:56:10 GMT
Sender: mmdf@ee.udel.edu
Lines: 18

In article <31804@usc> kjh wrote:
>In article <50276@nigel.ee.udel.edu> HBO043@DJUKFA11.BITNET (Christoph van Wuellen) writes:
>>On UNIX, you can e.g. remove files belonging to other users if they reside
>>in /tmp
>
>Not in BSD. I think that BSD handles this correctly. A file owned by
>another user in /tmp should not be unlinkable if it doesn't have write
>status for the user doing the unlinking, even if the directory gives
>write status to that user.

Even BSD allows you to do this. It is a selectable option. If the
directory has the "sticky" bit turned on then you can not remove other
people's files. If it is not set (the default and historically compatible
case) then you can do so. Check the permissions on /tmp and see if your
sticky bit is turned on.

Bill Bogstad
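
The check suggested in the post above, as an added example that is not part of the original message: a simplified model of the unlink rule with and without the sticky bit, plus an audit that lists world-writable directories lacking it. The function names (may_unlink, audit, demo), the uid values and the sample tree are constructed for illustration; the model assumes the POSIX-style rule (file owner, directory owner or superuser) and ignores group permissions.

```python
import os
import stat
import tempfile

def may_unlink(dir_mode, dir_uid, file_uid, uid):
    """Simplified model (group class ignored): may `uid` remove an entry
    owned by `file_uid` from a directory with `dir_mode` owned by `dir_uid`?"""
    if uid == 0:
        return True  # superuser bypasses the checks
    # Removing an entry needs write + search permission on the directory.
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if (dir_mode & need) != need:
        return False
    # Sticky bit set: only the file's owner or the directory's owner may remove it.
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True  # no sticky bit: directory write permission is enough

def audit(root):
    """Return world-writable directories under `root` that lack the sticky bit."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):  # does not follow symlinks
        try:
            mode = os.lstat(dirpath).st_mode
        except OSError:
            continue  # directory vanished or became unreadable during the walk
        if (mode & stat.S_IWOTH) and not (mode & stat.S_ISVTX):
            findings.append(dirpath)
    return sorted(findings)

def demo():
    """Build a constructed tree and return the names audit() flags in it."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("shared", 0o1777), ("open", 0o777), ("private", 0o755)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so the umask does not interfere
        return [os.path.relpath(p, root) for p in audit(root)]

if __name__ == "__main__":
    print(demo())         # constructed sample tree
    print(audit("/tmp"))  # the check suggested in the post
```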