[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: nobody is 777 ?
Hi
All the stuff you wrote I already knew but with lots of holes.
It was like I know how to write the whole sentence but didn't knew where to put
the comma
Its strange that all the Docs I read i never sow this, only parts of it here and
there.
Ariel Biener wrote:
> On Thu, 24 Feb 2000, Ben-Nes Michael wrote:
>
> > Is it matter who will be the owner of the file ?
>
> What matters are the permissions of the file. If a file is mode 0777,
> i.e., -rwxrwxrwx , anyone can change it/run it, but it will run with the
> uid/gid of the one who runs it.
>
> Problems arise when root owned files are setuid/setgrpid, i.e., for
> example, a root file with mode 4777, i.e.: -rwsrwxrwx root somegroup
>
> Such a file, when run, is running AS ROOT, since it's setuid (unless it's
> partition is mounted with the nosuid bit on).
>
> So, the difference exists when a file is setuid/setgroupid. Then it
> matters who owns the file, because it will run with that owner/group
> depending on the suid mode.
>
> Naturally, some files owned by root should not be accessible, like files
> in /etc. Moreover some root owned binaries (not setuid/setgrpid shouldn't
> be mode 777 either, since this way one can replace a vital system binary
> with something that doesn't desired things (like replacing inetd for
> example).
>
> What do you want to do, really ?
>
> --Ariel
>
> > Can some one exploit a root owned file more then a nobody owned
> file
> ? > what is the right chown chmod to a file that will be shared by all ?
> >
> > Ely Levy wrote:
> >
> > > Well I have 2 thories about what his question is
> > >
> > > 1.he thought that nobody mean nobody is the owner of the file and didnt
> > > notice it's actually a user
> > >
> > > 2.he thought files owned by root has special permissions (beside the fact
> > > it's root limited file) if the g-rw that is..
> > >
> > > hope ihelped:)
> > >
> > > Ely Levy
> > > System group
> > > Hebrew University
> > > Jerusalem Israel
> > >
> > > On Wed, 23 Feb 2000, Ariel Biener wrote:
> > >
> > > | On Wed, 23 Feb 2000, Ben-Nes Michael wrote:
> > > |
> > > | > Hi
> > > | >
> > > | >just a Q.
> > > | > chmod777 file < nobody owner
> > > | > chmod777 file < root owner
> > > |
> > > | What is the question ?
> > > |
> > > | :)
> > > |
> > > | --Ariel
> > > | >
> > > | >
> > > | > I figured that its not the same but I find it hard to explain.
> > > | >
> > > | > --------------------------
> > > | > Canaan Surfing Ltd.
> > > | > Internet Service Providers
> > > | > Ben-Nes Michael - Manager
> > > | > Tel: 972-6-6925757
> > > | > Fax: 972-6-6925858
> > > | > http://www.canaan.co.il
> > > | > --------------------------
> > > | >
> > > | >
> > > | >
> > > | > =================================================================
> > > | > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > | > the word "unsubscribe" in the message body, e.g., run the command
> > > | > echo unsubscribe | mail linux-il-request@linux.org.il
> > > | >
> > > |
> > > | --
> > > | Ariel Biener
> > > | e-mail: ariel@post.tau.ac.il Work phone: 03-6406086
> > > | fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
> > > |
> > > |
> > > | =================================================================
> > > | To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > | the word "unsubscribe" in the message body, e.g., run the command
> > > | echo unsubscribe | mail linux-il-request@linux.org.il
> > > |
> > > |
> > >
> > > =================================================================
> > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > the word "unsubscribe" in the message body, e.g., run the command
> > > echo unsubscribe | mail linux-il-request@linux.org.il
> >
> > --
> > --------------------------
> > Canaan Surfing Ltd.
> > Internet Service Providers
> > Ben-Nes Michael - Manager
> > Tel: 972-6-6925757
> > Fax: 972-6-6925858
> > http://www.canaan.co.il
> > --------------------------
> >
> >
> >
> > =================================================================
> > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > the word "unsubscribe" in the message body, e.g., run the command
> > echo unsubscribe | mail linux-il-request@linux.org.il
> >
>
> --
> Ariel Biener
> e-mail: ariel@post.tau.ac.il Work phone: 03-6406086
> fingerprint = 07 D1 E5 3E EF 6D E5 82 0B E9 21 D4 3C 7D 8B BC
--
--------------------------
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--------------------------
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il