Path: utzoo!attcan!uunet!husc6!uwvax!tank!mimsy!aplcen!aplcomm!trn%warper.jhuapl.edu@aplvax.jhuapl.edu
From: trn%warper.jhuapl.edu@aplvax.jhuapl.edu (Tony Nardo)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Keywords: mail permissions security
Message-ID: <2470@aplcomm.jhuapl.edu>
Date: 17 Nov 88 16:30:38 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP>
Sender: news@aplcomm.jhuapl.edu
Reply-To: trn%warper.jhuapl.edu@aplvax.jhuapl.edu (Tony Nardo)
Distribution: na
Organization: Johns Hopkins University/APL (Baltimore, Md.)
Lines: 25

In article <189@wyn386.UUCP> mikef@wyn386.UUCP (Mike Faber) writes:
|
|I have wondered something about permissions security for a while, now, too.
|
|Why can a person with read permission only be able to remove the file? For
|example, if I have a file of data (statistical data, for example), and I need
|for any user in my group to read it as input data into their programs, they
|will have read permission to it, but will also be able to remove it (it
|makes sure you want to, but if Mr. Morris' worm had been destructive, he
|could have wiped out anything that he had READ access to!!! Is there a point
|I'm missing (Op systems back in college doesn't cover enough. There ought to be
|an ethics, or a security chapter in every O/S book.)

A pity the implementers of UNIX didn't borrow the idea of having a
separate "delete" bit. It's one of a number of DEC features I miss.

==============================================================================
ARPA:   trn%warper@aplvax.jhuapl.edu (dumb mailers)
BITNET: trn@warper.jhuapl.edu (also smart ARPA mailers)
UUCP:   {backbone!}mimsy!aplcomm!warper!trn

"Those who can do, those who can't teach. And those who can't do either
become critics. That's why there's so many of them."
                        A PORTRAIT OF THE ARTIST AS A YOUNG GOD
==============================================================================