Bug 56410
Summary: | User could modify files of user root (rw-r--r--)
---|---
Product: | [Retired] Red Hat Linux
Reporter: | Need Real Name <w.stuehlmeyer>
Component: | kernel
Assignee: | Arjan van de Ven <arjanv>
Status: | CLOSED NOTABUG
QA Contact: | Brock Organ <borgan>
Severity: | medium
Priority: | medium
Version: | 7.1
Keywords: | Security
Hardware: | ia64
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2001-11-16 22:18:59 UTC

Description
Need Real Name
2001-11-16 22:03:13 UTC
Created attachment 37802
Example to reproduce

The user can't DIRECTLY modify the file.

However:

Since he owns the directory, he can rename the file.

Since he owns the directory, he can then make a new file with the same filename as the now renamed file had.

Since he owns this new file and can read the old file, he can copy the old contents in.

Since he owns the directory, he can either remove the old file or keep it as backup.

.... .... and this is what vi does ;(

Here is the interesting part of the strace - the documentary evidence to what Arjan mentioned.

```
open("xxx", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Permission denied)
getuid32() = 531
unlink("xxx") = 0
open("xxx", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4
write(4, " ## Notes\necho -ne \"\\033]0;Work\\"..., 8192) = 8192
write(4, "/monte-200107261702.tar.bz2\n\n ##"..., 8192) = 8192
write(4, " was \n going to work o"..., 221) = 221
close(4) = 0
chmod("xxx", 0644) = 0
write(1, " 447L, 16605C written", 21) = 21
```

If you want files that the owner of the directory REALLY cannot modify, you can mark them "immutable" with "chattr +i <filename>".

I'm closing this as "NOTABUG", however if you don't agree with that please reopen the bug.
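The behaviour discussed in this report can be audited from the defender's side. The following is an added example, not part of the original bug report: it lists which principals other than the file's owner can swap a file out through its parent directory. The function names are hypothetical, gid 531 is a constructed value, and the check assumes plain mode bits only (no POSIX ACLs or capabilities); `audit()` does not read the immutable flag.

```python
import os
import stat

def replacers(file_uid, dir_uid, dir_gid, dir_mode, immutable=False):
    """Principals other than the file's owner (and root) who can replace
    the file by unlink/rename + create in its parent directory."""
    if immutable:
        # A file marked with chattr +i cannot be unlinked or renamed.
        return []
    found = []
    sticky = bool(dir_mode & stat.S_ISVTX)

    def wx(w_bit, x_bit):
        # Removing or creating an entry needs write AND search on the directory.
        return bool(dir_mode & w_bit) and bool(dir_mode & x_bit)

    # The directory owner is not restricted by the sticky bit, so the mode
    # of the file itself (rw-r--r--) offers no protection against them.
    if dir_uid != file_uid and wx(stat.S_IWUSR, stat.S_IXUSR):
        found.append(f"uid:{dir_uid}")
    # With the sticky bit set, group/other may only remove entries they own.
    if not sticky:
        if wx(stat.S_IWGRP, stat.S_IXGRP):
            found.append(f"gid:{dir_gid}")
        if wx(stat.S_IWOTH, stat.S_IXOTH):
            found.append("other")
    return found

def audit(path):
    """Apply replacers() to a real file and its parent directory."""
    f = os.lstat(path)
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    return replacers(f.st_uid, d.st_uid, d.st_gid, d.st_mode)

if __name__ == "__main__":
    # Constructed case matching the report: a root-owned file inside a
    # 0755 directory owned by uid 531 (the uid seen in the strace).
    print(replacers(0, 531, 531, 0o755))
    # Same file after chattr +i.
    print(replacers(0, 531, 531, 0o755, immutable=True))
    # Root-owned file in a sticky, world-writable directory such as /tmp.
    print(replacers(0, 0, 0, 0o1777))
```
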