[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nobody is 777 ?




> > > I want to give to a file permission so all people could
> > write on it and
> > > execute it.
> > > Is it matter who will be the owner of the file ?
> >
> > No, it will be a security disaster regardless.
> 
> Some files can be given 777 without breaking security heavily. things in
> /tmp for example. if you don't care what happen to the content of the file -
> 777 is fine.

Place an 0777 file you ``don't care about'' in /tmp.

I will replace its code with a trojan.

If someone tries to run it -- after all, it has execute permissions -- they
will be screwed, and they will blame you.

QED.

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il