Re: nobody is 777 ?
On Thu, 24 Feb 2000, Ben-Nes Michael wrote:
> Does it matter who will be the owner of the file?
What matters are the permissions of the file. If a file is mode 0777,
i.e., -rwxrwxrwx , anyone can change it/run it, but it will run with the
uid/gid of the one who runs it.
Problems arise when root-owned files are setuid/setgid, for
example, a root file with mode 4777, i.e.: -rwsrwxrwx root somegroup
Such a file, when run, is running AS ROOT, since it's setuid (unless its
partition is mounted with the nosuid bit on).
So, the difference exists when a file is setuid/setgid. Then it
matters who owns the file, because it will run with that owner/group
depending on the suid mode.
Naturally, some files owned by root should not be accessible, like files
in /etc. Moreover, some root-owned binaries (not setuid/setgid) shouldn't
be mode 777 either, since this way one can replace a vital system binary
with something that does undesired things (like replacing inetd, for
example).
What do you want to do, really ?
--Ariel
> Can someone exploit a root owned file more than a nobody owned file?
> What is the right chown chmod to a file that will be shared by all ?
>
> Ely Levy wrote:
>
> > Well I have 2 theories about what his question is
> >
> > 1. he thought that nobody means nobody is the owner of the file and didn't
> > notice it's actually a user
> >
> > 2. he thought files owned by root have special permissions (beside the fact
> > it's root limited file) if the g-rw that is..
> >
> > hope I helped :)
> >
> > Ely Levy
> > System group
> > Hebrew University
> > Jerusalem Israel
> >
> > On Wed, 23 Feb 2000, Ariel Biener wrote:
> >
> > | On Wed, 23 Feb 2000, Ben-Nes Michael wrote:
> > |
> > | > Hi
> > | >
> > | >just a Q.
> > | > chmod777 file < nobody owner
> > | > chmod777 file < root owner
> > |
> > | What is the question ?
> > |
> > | :)
> > |
> > | --Ariel
> > | >
> > | >
> > | > I figured that its not the same but I find it hard to explain.
> > | >
> > | > --------------------------
> > | > Canaan Surfing Ltd.
> > | > Internet Service Providers
> > | > Ben-Nes Michael - Manager
> > | > Tel: 972-6-6925757
> > | > Fax: 972-6-6925858
> > | > http://www.canaan.co.il
> > | > --------------------------
> > | >
> > | >
> > | >
> > | > =================================================================
> > | > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > | > the word "unsubscribe" in the message body, e.g., run the command
> > | > echo unsubscribe | mail linux-il-request@linux.org.il
> > | >
> > |
> > | --
> > | Ariel Biener
> > | e-mail: ariel@post.tau.ac.il Work phone: 03-6406086
> > | fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
> >
>
> --
> --------------------------
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --------------------------
--
Ariel Biener
e-mail: ariel@post.tau.ac.il Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
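
The distinction drawn in the reply above (world-writable versus setuid/setgid, and when the owner matters) can be checked on a directory tree with a short audit. This is an added example, not part of the original thread; the function names `audit_perms` and `demo`, the finding labels and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag regular files whose mode makes
# ownership matter, following the rules explained in the reply.
#   SETID+WRITABLE  setuid/setgid AND world-writable (the 4777 case)
#   SETID           setuid/setgid: runs with the owner's uid / group's gid
#   WORLD-WRITABLE  anyone can change it; it still runs as whoever runs it
# Output: finding <TAB> mode <TAB> owner <TAB> path
# Assumption: file names contain no newlines.

audit_perms() {
    find "$1" -xdev -type f \
        \( -perm -4000 -o -perm -2000 -o -perm -0002 \) 2>/dev/null |
    while IFS= read -r f; do
        # ls -ld fields: $1 = mode string, $3 = owner name
        set -- $(ls -ld -- "$f" | awk '{print $1, $3}')
        mode=$1 owner=$2
        setid=no writable=no
        if [ -u "$f" ] || [ -g "$f" ]; then setid=yes; fi
        # 9th character of the mode string is the "other" write bit
        case $mode in ????????w*) writable=yes ;; esac
        if [ "$setid" = yes ] && [ "$writable" = yes ]; then
            finding=SETID+WRITABLE
        elif [ "$setid" = yes ]; then
            finding=SETID
        else
            finding=WORLD-WRITABLE
        fi
        printf '%s\t%s\t%s\t%s\n' "$finding" "$mode" "$owner" "$f"
    done
}

# Constructed sample tree, so the script runs offline without touching system files.
demo() {
    d=$(mktemp -d) || return 1
    for name in plain shared suid suid_shared; do : > "$d/$name"; done
    chmod 0644 "$d/plain"        # not reported
    chmod 0777 "$d/shared"       # -rwxrwxrwx
    chmod 4755 "$d/suid"         # -rwsr-xr-x
    chmod 4777 "$d/suid_shared"  # -rwsrwxrwx
    audit_perms "$d" | sort
    rm -rf "$d"
}

demo
```

The owner column is the one to read for `SETID` lines, since that is the identity the program runs with; `-xdev` keeps the scan on one filesystem, and the audit does not check whether that filesystem is mounted nosuid.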