Path: utzoo!attcan!uunet!husc6!mailrus!purdue!decwrl!labrea!polya!waters
From: waters@polya.Stanford.EDU (Jim Waters)
Newsgroups: comp.unix.wizards
Subject: Re: Nasty Security Hole?
Keywords: mail permissions security
Message-ID: <5187@polya.Stanford.EDU>
Date: 19 Nov 88 08:17:36 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP> <31681@think.UUCP> <145@tree.UUCP>
Reply-To: waters@polya.Stanford.EDU (Jim Waters)
Distribution: na
Organization: very little, actually
Lines: 27

In article <145@tree.UUCP> stever@tree.UUCP (Steve Rudek) writes:
>Yeah, unfortunately write permission to a file or directory is an
>all-or-nothing matter.  You can't give permission to add a new file to
>a directory without also granting permission to wipe out everything in
>that directory, can you?

Well, that depends which Unix you're running.  Ultrix sticky(8) reads:

     A directory whose `sticky bit' is set becomes an append-only
     directory, or, more accurately, a directory in which the
     deletion of files is restricted.  A file in a sticky directory
     may only be removed or renamed by a user if the user has write
     permission for the directory and the user is the owner of the
     file, the owner of the directory, or the super-user.  This
     feature is usefully applied to directories such as /tmp which
     must be publicly writeable but should deny users the license
     to arbitrarily delete or rename each others' files.

Of course, that's just Ultrix....

---------------------------------------------------------------------------
Jim Waters              INTERNET: waters@umunhum.stanford.edu
USPS: P.O. Box 13735              waters@argus.stanford.edu
      Stanford, CA 94309    UUCP: ...decwrl!umunhum.stanford.edu!waters
AT+T: (415)323-3063       BITNET: waters%umunhum.stanford.edu@stanford
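
The rule quoted from sticky(8) above, as an added example that is not part of the original post: a Python sketch that applies the remove/rename rule to stat data and audits a tree for world-writable directories that lack the sticky bit. The function names, uids and the temporary directory tree are constructed for illustration.

```python
import os
import stat
import tempfile
from types import SimpleNamespace

def fake_stat(mode, uid):
    """Constructed stand-in for os.stat_result (only the fields used here)."""
    return SimpleNamespace(st_mode=mode, st_uid=uid)

def may_remove(uid, dir_st, file_st, has_dir_write=True):
    """Apply the quoted sticky(8) rule to a remove/rename request by uid."""
    if uid == 0:
        return True                    # super-user is never restricted
    if not has_dir_write:
        return False                   # directory write permission is required
    if not dir_st.st_mode & stat.S_ISVTX:
        return True                    # ordinary directory: write access is all-or-nothing
    return uid in (file_st.st_uid, dir_st.st_uid)  # sticky: file or directory owner only

def unsafe_shared_dirs(root):
    """List directories under root that are world-writable without the sticky bit."""
    found = []
    for path, dirs, _files in os.walk(root):
        for name in dirs:
            full = os.path.join(path, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                found.append(os.path.relpath(full, root))
    return sorted(found)

def demo():
    """Build a constructed tree and return the directories the audit flags."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("spool", 0o1777), ("drop", 0o777), ("private", 0o755)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)  # chmod is not subject to umask
        return unsafe_shared_dirs(root)

if __name__ == "__main__":
    sticky = fake_stat(stat.S_IFDIR | 0o1777, 0)     # constructed: /tmp-like, root-owned
    plain = fake_stat(stat.S_IFDIR | 0o777, 0)       # constructed: same, no sticky bit
    other_file = fake_stat(stat.S_IFREG | 0o644, 1001)
    print("uid 1002, sticky dir:", may_remove(1002, sticky, other_file))
    print("uid 1002, plain dir: ", may_remove(1002, plain, other_file))
    print("flagged by audit:    ", demo())
```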