Path: utzoo!attcan!uunet!husc6!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Keywords: mail permissions security
Message-ID: <31681@think.UUCP>
Date: 16 Nov 88 20:04:01 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP>
Sender: news@think.UUCP
Reply-To: barmar@kulla.think.com.UUCP (Barry Margolin)
Distribution: na
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 30

In article <189@wyn386.UUCP> mikef@wyn386.UUCP (Mike Faber) writes:
>Why can a person with read permission only be able to remove the
>file? ... if Mr. Morris' worm had been destructive, he
>could have wiped out anything that he had READ access to!!!

You are confused about what access is required to remove a file on
Unix. The access you have to the file being removed has absolutely
nothing to do with your ability to remove it; you can even remove
files you have NO access to.

You probably think this is even worse, because you now think that
anyone can remove any file. That's not true, however. Removing
files is considered an operation on the DIRECTORY. In order to remove
a file, you must have write permission on the directory.

The reasons for this are inherent in the Unix file system structure.
A file may have any number of directory entries (hard links).
Removing a link to a file doesn't necessarily affect the file, since
other links to the file are unaffected. The file doesn't actually get
wiped off the disk until the last link is removed and all openings of
the file are closed.

So, a destructive person/program CANNOT wipe out anything it has read
access to, unless it is in a directory he has WRITE access to.

Barry Margolin
Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar
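
The rule described in the post above, as an added example that is not part of the original post: unlink() is decided by write permission on the directory, not by access to the file, and the data persists until the last link and the last open descriptor are gone. The scratch directory under /tmp and the file names are constructed for the demonstration; run as root, the second check reports 0 instead of EACCES because root bypasses permission checks.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo {
    int rm_mode0_file;   /* unlink() result: mode-000 file, writable directory */
    int rm_in_ro_dir;    /* errno from unlink(): mode-666 file, mode-555 directory */
    int links_after;     /* st_nlink of "b" after the name "a" is removed */
    int read_after_last; /* bytes read via an open fd after the last link is removed */
};

/* Create a 5-byte file, then set its permission bits to `mode`. */
static int make_file(const char *name, mode_t mode) {
    int fd = open(name, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd < 0) return -1;
    int bad = write(fd, "data\n", 5) != 5 || fchmod(fd, mode) != 0;
    return close(fd) != 0 || bad ? -1 : 0;
}

int run_demo(struct demo *d) {
    char dir[] = "/tmp/unlink-demo-XXXXXX", buf[8];  /* constructed scratch path */
    struct stat st;
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    /* 1. No access to the file, write access to the directory: removal works. */
    if (make_file("secret", 0000) != 0) return -1;
    d->rm_mode0_file = unlink("secret");
    /* 2. Full access to the file, no write access to the directory: refused. */
    if (make_file("open", 0666) != 0 || chmod(".", 0555) != 0) return -1;
    d->rm_in_ro_dir = unlink("open") == 0 ? 0 : errno;
    if (chmod(".", 0755) != 0) return -1;
    unlink("open");                          /* cleanup; already gone if root */
    /* 3. Two links to one file: removing a name does not remove the data. */
    if (make_file("a", 0600) != 0 || link("a", "b") != 0) return -1;
    int fd = open("b", O_RDONLY);
    if (fd < 0 || unlink("a") != 0 || stat("b", &st) != 0) return -1;
    d->links_after = (int)st.st_nlink;
    if (unlink("b") != 0) return -1;         /* last link gone, fd still open */
    d->read_after_last = (int)read(fd, buf, sizeof buf);
    close(fd);
    return chdir("/") == 0 ? rmdir(dir) : -1;
}
int main(void) {
    struct demo d;
    if (run_demo(&d) != 0) { perror("run_demo"); return 1; }
    return printf("mode-000 unlink=%d ro-dir errno=%d nlink=%d read=%d\n", d.rm_mode0_file,
                  d.rm_in_ro_dir, d.links_after, d.read_after_last) < 0;
}
```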