[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
- Subject: Re: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Wed, 24 Apr 2002 20:09:53 -0700
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Gerald Waugh wrote:
> Chris is correct, I know it doesn't seem logical, but the owner of a directory
> can delete files owned by root, regardles of permissions....
> It's the directory ownership that rules....
It's one of the first thing an administrator learns, and it's quite
logical if you think about it the way linux "thinks".
Deleting a file is done by simply writing to another file, in this case
the file that's logically the directory. If you can write to the
directory, yes you can delete the file.
BUT... I forgot completely when I made the post that said you could
protect yourself that way.
Sometimes things that are logical, and correct, are still
contra-intuitive. So we forget them <frown>.
How about the chattr attribute someone mentioned? I just got back from
Internet World 2000, and I'm too tired to do the lookup now...
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484