[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nobody is 777 ?



Hi

All the stuff you wrote I already knew but with lots of holes.
It was like I know how to write the whole sentence but didn't knew where to put
the comma

Its strange that all the Docs I read i never sow this, only parts of it here and
there.


Ariel Biener wrote:

> On Thu, 24 Feb 2000, Ben-Nes Michael wrote:
>
> > Is it matter who will be the owner of the file ?
>
> What matters are the permissions of the file. If a file is mode 0777,
> i.e., -rwxrwxrwx , anyone can change it/run it, but it will run with the
> uid/gid of the one who runs it.
>
> Problems arise when root owned files are setuid/setgrpid, i.e., for
> example, a root file with mode 4777, i.e.: -rwsrwxrwx root somegroup
>
> Such a file, when run, is running AS ROOT, since it's setuid (unless it's
> partition is mounted with the nosuid bit on).
>
> So, the difference exists when a file is setuid/setgroupid. Then it
> matters who owns the file, because it will run with that owner/group
> depending on the suid mode.
>
> Naturally, some files owned by root should not be accessible, like files
> in /etc. Moreover some root owned binaries (not setuid/setgrpid shouldn't
> be mode 777 either, since this way one can replace a vital system binary
> with something that doesn't desired things (like replacing inetd for
> example).
>
> What do you want to do, really ?
>
> --Ariel
>
>  > Can some one exploit a root owned file more then a nobody owned
> file
> ? > what is the right chown chmod to a file that will be shared by all ?
> >
> > Ely Levy wrote:
> >
> > > Well I have 2 thories about what his question is
> > >
> > > 1.he thought that nobody mean nobody is the owner of the file and didnt
> > > notice it's actually a user
> > >
> > > 2.he thought files owned by root has special permissions (beside the fact
> > >   it's root limited file) if the g-rw that is..
> > >
> > > hope ihelped:)
> > >
> > > Ely Levy
> > > System group
> > > Hebrew University
> > > Jerusalem Israel
> > >
> > > On Wed, 23 Feb 2000, Ariel Biener wrote:
> > >
> > > |  On Wed, 23 Feb 2000, Ben-Nes Michael wrote:
> > > |
> > > |  > Hi
> > > |  >
> > > |  >just a Q.
> > > |  > chmod777 file < nobody owner
> > > |  > chmod777 file < root owner
> > > |
> > > |  What is the question ?
> > > |
> > > |  :)
> > > |
> > > |  --Ariel
> > > |  >
> > > |  >
> > > |  > I figured that its not the same but I find it hard to explain.
> > > |  >
> > > |  > --------------------------
> > > |  > Canaan Surfing Ltd.
> > > |  > Internet Service Providers
> > > |  > Ben-Nes Michael - Manager
> > > |  > Tel: 972-6-6925757
> > > |  > Fax: 972-6-6925858
> > > |  > http://www.canaan.co.il
> > > |  > --------------------------
> > > |  >
> > > |  >
> > > |  >
> > > |  > =================================================================
> > > |  > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > |  > the word "unsubscribe" in the message body, e.g., run the command
> > > |  > echo unsubscribe | mail linux-il-request@linux.org.il
> > > |  >
> > > |
> > > |  --
> > > |  Ariel Biener
> > > |  e-mail: ariel@post.tau.ac.il         Work phone: 03-6406086
> > > |  fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
> > > |
> > > |
> > > |  =================================================================
> > > |  To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > |  the word "unsubscribe" in the message body, e.g., run the command
> > > |  echo unsubscribe | mail linux-il-request@linux.org.il
> > > |
> > > |
> > >
> > > =================================================================
> > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail linux-il-request@linux.org.il
> >
> > --
> > --------------------------
> > Canaan Surfing Ltd.
> > Internet Service Providers
> > Ben-Nes Michael - Manager
> > Tel: 972-6-6925757
> > Fax: 972-6-6925858
> > http://www.canaan.co.il
> > --------------------------
> >
> >
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> >
>
> --
> Ariel Biener
> e-mail: ariel@post.tau.ac.il           Work phone: 03-6406086
> fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC

--
--------------------------
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--------------------------



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il