Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /bin/rm file access vulnerability

From: Raymond Morsman <raymond () dyn org>
Date: Thu, 30 Dec 2004 11:15:42 +0000
Citeren Lennart Hansen <xenzeo () gardener com>:


/bin/rm file access vulnerability


Works as designed, no vulnerability.


When /bin/rm is called it checks the file's permissions and the id of
the user
trying to remove the file. If the user does not have the required
permissions
to delete the file, /bin/rm will simply reject and exit.


No.. It will try to remove the file and the kernel won't allow rm to
remove it.


However, it is possible for a person with admin rights (root) to
delete _any_ file
on the system regardless of who has created it and what it's
permissions are.


True, that's the meaning of root. No vulnerability here.


$ su -c 'rm -f /home/xenzeo/file'


Switch user to root. You'll enter the root password now, right? If not,
what's the IP address of the machine? :-)


#!/usr/bin/perl
if ($#ARGV != 0) {
      die "usage: rm-exploit.pl file\r\n";


Little bit of overkill to write a perl program for some normal Unix
behaviour.

Raymond.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: