
Re: nobody is 777 ?



On Thu, 24 Feb 2000, Ben-Nes Michael wrote:

> Does it matter who will be the owner of the file?

What matters are the permissions of the file. If a file is mode 0777,
i.e., -rwxrwxrwx, anyone can change it/run it, but it will run with the
uid/gid of the one who runs it.

Problems arise when root owned files are setuid/setgrpid, i.e., for
example, a root file with mode 4777, i.e.: -rwsrwxrwx root somegroup

Such a file, when run, is running AS ROOT, since it's setuid (unless its
partition is mounted with the nosuid bit on).

So, the difference exists when a file is setuid/setgroupid. Then it
matters who owns the file, because it will run with that owner/group
depending on the suid mode.

Naturally, some files owned by root should not be accessible, like files
in /etc. Moreover, some root owned binaries (not setuid/setgrpid) shouldn't
be mode 777 either, since this way one can replace a vital system binary
with something that does undesired things (like replacing inetd, for
example).


What do you want to do, really ?

--Ariel

> Can someone exploit a root owned file more than a nobody owned file?
> What is the right chown chmod to a file that will be shared by all?
> 
> Ely Levy wrote:
> 
> > Well I have 2 theories about what his question is
> >
> > 1. he thought that nobody means nobody is the owner of the file and didn't
> > notice it's actually a user
> >
> > 2. he thought files owned by root have special permissions (beside the fact
> >   it's root limited file) if the g-rw that is..
> >
> > hope I helped :)
> >
> > Ely Levy
> > System group
> > Hebrew University
> > Jerusalem Israel
> >
> > On Wed, 23 Feb 2000, Ariel Biener wrote:
> >
> > |  On Wed, 23 Feb 2000, Ben-Nes Michael wrote:
> > |
> > |  > Hi
> > |  >
> > |  >just a Q.
> > |  > chmod777 file < nobody owner
> > |  > chmod777 file < root owner
> > |
> > |  What is the question ?
> > |
> > |  :)
> > |
> > |  --Ariel
> > |  >
> > |  >
> > |  > I figured that its not the same but I find it hard to explain.
> > |  >
> > |  > --------------------------
> > |  > Canaan Surfing Ltd.
> > |  > Internet Service Providers
> > |  > Ben-Nes Michael - Manager
> > |  > Tel: 972-6-6925757
> > |  > Fax: 972-6-6925858
> > |  > http://www.canaan.co.il
> > |  > --------------------------
> > |  >
> > |  >
> > |  >
> > |  > =================================================================
> > |  > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > |  > the word "unsubscribe" in the message body, e.g., run the command
> > |  > echo unsubscribe | mail linux-il-request@linux.org.il
> > |  >
> > |
> > |  --
> > |  Ariel Biener
> > |  e-mail: ariel@post.tau.ac.il         Work phone: 03-6406086
> > |  fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
> > |
> > |
> > |
> > |
> >
> 
> --
> --------------------------
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --------------------------
> 
> 
> 
> 

--
Ariel Biener
e-mail: ariel@post.tau.ac.il           Work phone: 03-6406086
fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
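
An added example, not part of the original message: a small POSIX shell audit that sorts files into the cases the reply distinguishes (world-writable like 0777, setuid/setgid, and both together like 4777) and reports the owner, since the owner is the identity a setuid file runs as. The function names and labels are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): classify files by the permission
# cases discussed above. Names and labels are illustrative.

# owner_of FILE: print the owning user (third field of `ls -ld`).
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# has_mode FILE FIND-TESTS...: succeed if FILE is a regular file that
# matches the given find(1) permission tests.
has_mode() {
    _target=$1; shift
    [ -n "$(find "$_target" -prune -type f "$@")" ]
}

# classify FILE: print one label for FILE.
#   setid+world-writable  e.g. 4777: anyone can rewrite a program that
#                         then runs with the owner's uid/gid
#   setid                 e.g. 4755: runs as the owner, so the owner matters
#   world-writable        e.g. 0777: anyone can replace the contents, but
#                         it runs with the caller's own uid/gid
#   ok                    none of the above
classify() {
    if has_mode "$1" \( -perm -4000 -o -perm -2000 \) -perm -0002; then
        echo "setid+world-writable"
    elif has_mode "$1" \( -perm -4000 -o -perm -2000 \); then
        echo "setid"
    elif has_mode "$1" -perm -0002; then
        echo "world-writable"
    else
        echo "ok"
    fi
}

# audit_dir DIR: one report line per flagged regular file under DIR.
audit_dir() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 -o -perm -0002 \) |
    while IFS= read -r path; do
        printf '%-22s owner=%s %s\n' \
            "$(classify "$path")" "$(owner_of "$path")" "$path"
    done
}

# Stand-alone use: sh audit.sh /some/dir
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

The script reads mode bits only; whether a flagged setuid file actually runs as its owner also depends on the nosuid mount option mentioned in the reply, which it does not check.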

