- Path: sparky!uunet!usc!sol.ctr.columbia.edu!spool.mu.edu!agate!doc.ic.ac.uk!uknet!gdt!uwe-bristol!slave.uwe.ac.uk!root
- From: root@slave.uwe.ac.uk (Operator (Phil/Dylan))
- Newsgroups: comp.os.linux
- Subject: Re: rm Security Problem!
- Message-ID: <1992Nov17.215558.3558@csd.uwe.ac.uk>
- Date: 17 Nov 92 21:55:58 GMT
- References: <1992Nov16.133710.20417@r-node.gts.org> <1e8mhlINNcij@matt.ksu.ksu.edu>
- Sender: usenet@csd.uwe.ac.uk (uwe nntp usenet poster)
- Reply-To: p_copela@csd.uwe.ac.uk
- Organization: The New University in the West of England, Bristol (WEB)
- Lines: 36
- Nntp-Posting-Host: usenet@csd.uwe.ac.uk (uwe nntp usenet poster)
-
- In article <1e8mhlINNcij@matt.ksu.ksu.edu>, probreak@matt.ksu.ksu.edu (James
- Michael Chacon) writes:
- |> tfoley@r-node.gts.org (Tim Foley) writes:
- |>
- |> >
- |> > I think I may have found a large problem with 'rm' as it comes in the
- |> >SLS distribution.
- |> > Logged in as *anyone* I can delete *almost any file* with the rm
- |> >command, it just comes up and asks 'override mode 0600' or whatever
- |> >and away it goes! I was able to delete copies of my passwd and inittab
- |> >in the /etc dir using the guest login....very annoying, now disabled!
- |> > Anyone know what's going on with rm and where I can get the source to
- |> >recompile it fixed!
- |> >
- |> > Tim
- |>
- |>
- |>
- |> Sounds as if there is a permission problem with the rm included on the SLS
- |> distribution. Look at the permissions of your rm.
- |> If they look anything like this, then they are wrong:
- |>
- |> -rwsr-xr-x 1 root root ...... rm
- |>
- |> If that is anything close, the setuid bit is set, and rm will act as if
- |> root entered the command. You just need to do a chmod 755 on /bin/rm to
- |> fix this. Hope this helps.
- |>
- |> James
-
- Not even close! It is a true bug,... If I find the sources for rm I'll
- recompile it,.. a true 755 rm from the SLS release will delete ANY file
- no matter what the owner or group is
-
- Phil
- =--=
-
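The permission check discussed in the thread (the `-rwsr-xr-x` listing and the `chmod 755` fix), written out as an added example that is not part of the original posts. The function names and the scratch file are constructed for illustration; the demo runs against a temporary copy, not the real `/bin/rm`.

```shell
#!/bin/sh
# Added example: inspect and clear the setuid bit on a binary.

# classify FILE -> prints setuid-root, setuid, setgid, plain or missing
classify() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    if [ -u "$f" ]; then
        # Third field of `ls -ln` is the numeric owner; uid 0 is root.
        owner=$(ls -lnd -- "$f" | awk '{print $3}')
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid; fi
    elif [ -g "$f" ]; then
        echo setgid
    else
        echo plain
    fi
}

# audit DIR... -> long listing of every regular file with setuid or setgid set
audit() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld -- {} +
}

# clear_special FILE -> apply the mode suggested in the thread (755)
clear_special() {
    chmod 755 -- "$1"
}

# Demo on a scratch file standing in for rm (constructed, not the real binary).
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/rm"
    chmod 4755 "$tmp/rm"            # reproduces the -rwsr-xr-x listing
    echo "before: $(classify "$tmp/rm")"
    audit "$tmp"
    clear_special "$tmp/rm"
    echo "after:  $(classify "$tmp/rm")"
    rm -rf "$tmp"
}

demo
```

A `setuid-root` result matches the condition James describes; a `plain` result on a 755 binary is the situation Phil reports, where the mode bits are not the cause.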