[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev /tmp failure
|
From: |
T.E.Dickey |
|
Subject: |
Re: lynx-dev /tmp failure |
|
Date: |
Sun, 22 Aug 1999 06:56:21 -0400 (EDT) |
>
> >
> > Linux is a bad platform for testing permissions problems since it doesn't
> > behave as stringently as Unix. (I can read from a directory which has
> > "unreadable" permissions - though I've not rechecked that with the 2.2.x
> > kernel yet).
>
> Can you give a concrete example and confirm that you were not root at the
> time. This would be a serious bug that would probably get high priority
> treatment given its security implications.
at the moment I'm on the 2.2.5 kernel (Redhat 6) and of course was up too
late - I don't see it here, but my experience (with the 2.0.x kernel, libc5)
was that I could set a directory to be unexecutable and still read the file
if I knew its name.
I 'noticed' this last fall, for instance, when testing the permissions code
I was working on in Lynx. I normally don't run as root.
-- I'll experiment some when I go back to the 2.0.36 this afternoon (I was
running 2.0.34 last fall, but I don't want to pull out the disk right now)
> Just to be clear, though, to read a file in Unix you need x permission
> on the directory and r permission on the file; you do not need r
> permission on the directory.
yes - Solaris agrees with this.
> All the following are correct behaviour for Unix (as well as Linux).
>
> bash$ uname -a
> Linux djwhome 2.0.36 #5 Thu Jun 10 23:33:21 BST 1999 i686
> bash$ id
> uid=501(david) gid=100(users) groups=100(users),11(floppy),101(setihome)
> bash$ ls -ld /root
> drwxr-x--x 8 root root 2048 Aug 19 22:51 /root
> bash$ ls /root
> ls: /root: Permission denied
> bash$ ls -l /root/lodlin16.zip
> -rw-r--r-- 1 root root 95676 May 5 1996 /root/lodlin16.zip
> bash$ wc /root/lodlin16.zip
> 360 2165 95676 /root/lodlin16.zip
> bash$
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey