Re: lynx-dev Re: who owns what

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Re: who owns what

From:	Philip Webb
Subject:	Re: lynx-dev Re: who owns what
Date:	Sun, 11 Oct 1998 10:34:09 -0400 (EDT)

981010 David Woolley wrote:
> 981010 Philip Webb wrote:
>> this is the result of  ksh pathto $HOME :
>> 
>> drwxr-xr-x   32 root     sys       1024 Sep 30 12:28 /
>> lrwxr-xr-x    1 root     sys         13 Jul 13  1995 /homes -> var/adm/homes
>>   drwxr-xr-x   32 root     sys       1024 Sep 30 12:28 /
>>   drwxr-xr-x   32 root     sys        512 Sep 25 07:28 /var
>>   drwxr-xr-x   12 adm      adm        512 Oct  6 20:26 /var/adm
>                    ^^^
> This might well cause some security sensitive software to consider
> the home directory unsafe, as the normal rule would be not-writeable-to,
> or owned by, anyone except the actual user or root.  It looks like someone
> has been shoe-horning directories into whatever filesystem would take them
> and hasn't thought of the ownership consequences.

see my message 981010 `a word from on high':
the sysadmin has temporarily parked (some) users' home directories
under  /var/adm/  while reorganising their regular distribution
& we seem to have caught him in the middle of it
with a piece of Lynx code which didn't expect it to happen.
 
>>   lrwxr-xr-x    1 root     sys         18 Mar  5  1998 
>> /var/adm/homes/purslow -> /homefs/u7/purslow
>>     drwxr-xr-x   32 root     sys       1024 Sep 30 12:28 /
>>     drwxr-xr-x   29 root     sys        512 Aug 25 23:41 /homefs
>>     drwxr-xr-x   32 root     sys        512 Oct  8 12:19 /homefs/u7
>>     drwx--x--x    9 purslow  user       512 Oct  9 07:53 /homefs/u7/purslow
>      ^^^^^^^^^^
> Someone has already commented that this allows access to known filenames.
 
it doesn't on this system: i can't read the directories of other users.
the sysadmin (see message as above) explains that the final  x  is needed
to allow people out there eg to access users' WWW pages.

-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto

[Prev in Thread]

Current Thread

[Next in Thread]

Re: lynx-dev Re: who owns what, (continued)
- Re: lynx-dev Re: who owns what, dickey, 1998/10/08
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/08
- Re: lynx-dev Re: who owns what, dickey, 1998/10/08
- Re: lynx-dev Re: who owns what, Bela Lubkin, 1998/10/08
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/09
    - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/09
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/09
- Re: lynx-dev Re: who owns what, Bela Lubkin, 1998/10/09
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/09
    - Re: lynx-dev Re: who owns what, David Woolley, 1998/10/11
    - Re: lynx-dev Re: who owns what, Philip Webb <=
    - Re: lynx-dev Re: who owns what, David Woolley, 1998/10/12
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/09
    - Re: lynx-dev Re: who owns what, David Woolley, 1998/10/11
- Re: lynx-dev Re: who owns what, dickey, 1998/10/09
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/10
    - Re: lynx-dev Re: who owns what, Larry W. Virden, 1998/10/10
- Re: lynx-dev Re: who owns what, Nelson Henry Eric, 1998/10/09
- Re: lynx-dev Re: who owns what, dickey, 1998/10/09
  - Re: lynx-dev Re: who owns what, Philip Webb, 1998/10/10
    - lynx-dev a word from on high, Philip Webb, 1998/10/10

Prev by Date: lynx-dev Lynx on an ncr7901 terminal
Next by Date: Re: lynx-dev symlinks to other users' files; broken symlinks
Previous by thread: Re: lynx-dev Re: who owns what
Next by thread: Re: lynx-dev Re: who owns what
Index(es):
- Date
- Thread