Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!ucsd!sdcc6!sdcc19!sdcc15!pa1343 From: pa1343@sdcc15.ucsd.edu (pa1343) Newsgroups: comp.os.minix Subject: Re: MINIX1.2 rm-command Keywords: MINIX1.2 (640K), rm-command fix Message-ID: <1131@sdcc15.ucsd.edu> Date: 17 Feb 89 18:21:09 GMT References: <1838@cps3xx.UUCP> Reply-To: pa1343@sdcc15.UUCP () Organization: University of California, San Diego Lines: 27 In article <1838@cps3xx.UUCP> rattan@frith.egr.msu.edu () writes: > >MINIX 1.2 (640K-PC) is being used to teach the OS course. It was >observed that the 'rm' command is willing to remove any file in the >system by switching over to interactive mode, when one is logged in as >ast (not root or su). > > $ rm /etc/passwd > rm: remove /etc/passwd (mode = 644) ? Is rm setuid to root on your system? If not then we have a BIG problem because the unlink() system call is supposed to check for permissions. rm should not be able to unlink a file not owned by the user. That decision is made by unlink(). Rm should also not be SUID root because that will give it permissions to unlink any file. Perhaps I ought to bring up my 1.3 version and see if this exists on the new version. I will post any strange results. Oh, by the way, if a file is in a directory which is writable by you then you can delete ANY regular file in that directory, regardless of its owner or permissions. This exists also on commercial UNIX. (sV, BSD) -- +-----------------------------------------+ | John J. Marco -- pa1343@sdcc15.ucsd.edu | | ...!uunet!sdcc15.ucsd.edu!pa1343 | +-----------------------------------------+