Possible security problem, need information..
Heiko Blume
src at scuzzy.in-berlin.de
Fri Mar 22 10:03:33 AEST 1991
ric at optima.UUCP (Ric Anderson,GS-746,6214048,) writes:
>The sticky bit is NOT (repeat NOT) implemented on all systems. If the
>sticky bit is implemented CORRECTLY, then the worst I can do is create
>a file in /, and make it grow till "/" fills up. This is good for a
>crash on some systems :-)
>However, if the sticky bit is unimplemented, or is implemented half
>heartedly, then you can move files you own on top of files someone else
>owns (even though you may not be able to rm files owned by others).
i tried this on isc 2.2.1 as user src:
# [ls]
drwxrwxrwt 15 root root 880 Mar 22 00:44 /tmp
-rw-r--r-- 1 root other 4 Mar 22 00:39 /tmp/test
-rw-r--r-- 1 src src 5 Mar 22 00:39 /tmp/test2
# mv test2 test
mv: test: 644 mode?y
mv: cannot unlink .
mv: permission denied
so the sticky bit works (i tried cp test2 test, echo bla>>test etc too),
but what does the 'mv: cannot unlink .' mean???? ain't got no clue...
--
Heiko Blume <-+-> src at scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
public UNIX source archive [HST V.42bis]:
scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
uucp scuzzy!/src/README /your/home
More information about the Comp.unix.admin
mailing list