Path: utzoo!attcan!uunet!ingr!crossgl
From: crossgl@ingr.UUCP (Gordon Cross)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Summary: to delete a file you only need to have write permission to the
	 directory it is in.
Keywords: mail permissions security
Message-ID: <2955@ingr.UUCP>
Date: 17 Nov 88 21:37:24 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP>
Distribution: na
Organization: Intergraph Corp. Huntsville, Al
Lines: 14

In article <189@wyn386.UUCP>, mikef@wyn386.UUCP (Mike Faber) writes:
> 
> Why can a person with read permission only be able to remove the file?

If you have write access to a directory, you can remove any file it contains
regardless of the permissions set for that file.  This "feature" is not a
security hole even though it would seem so.  I have never liked the way it
works either since I occasionally desire to protect a file from accidental
deletion (as one can under VMS).  At least rm does ask...


Gordon Cross
Intergraph Corp.  Huntsville, AL
...uunet!ingr!crossgl