Full Disclosure mailing list archives
Re: /bin/rm file access vulnerability
From: Raymond Morsman <raymond () dyn org>
Date: Thu, 30 Dec 2004 11:15:42 +0000
Quoting Lennart Hansen <xenzeo () gardener com>:
> /bin/rm file access vulnerability
Works as designed, no vulnerability.
> When /bin/rm is called it checks the file's permissions and the id of the user trying to remove the file. If the user does not have the required permissions to delete the file, /bin/rm will simply reject and exit.
No.. It will try to remove the file and the kernel won't allow rm to remove it.
> However, it is possible for a person with admin rights (root) to delete _any_ file on the system regardless of who has created it and what its permissions are.
True, that's the meaning of root. No vulnerability here.
> $ su -c 'rm -f /home/xenzeo/file'
Switch user to root. You'll enter the root password now, right? If not, what's the IP address of the machine? :-)
> #!/usr/bin/perl
> if ($#ARGV != 0) {
> die "usage: rm-exploit.pl file\r\n";
Little bit of overkill to write a perl program for some normal Unix behaviour.
Raymond.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
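The behaviour discussed in this thread, as an added example that is not part of the original messages: rm simply calls unlink(2), and the kernel decides based on write permission on the containing directory, not on the file's own mode. The function name try_unlink and the /tmp scratch path are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a file with mode 0000 inside a fresh scratch directory, set the
 * directory to dir_mode, then call unlink(2) the way rm does.
 * Returns 0 if the kernel allowed the removal, the errno it reported
 * otherwise, or -1 if the setup itself failed. */
int try_unlink(mode_t dir_mode)
{
    char dir[] = "/tmp/unlink-demo-XXXXXX"; /* constructed scratch path */
    char path[64];
    int fd, result;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/file", dir);
    fd = open(path, O_CREAT | O_WRONLY | O_EXCL, 0000); /* no file perms at all */
    if (fd < 0) {
        rmdir(dir);
        return -1;
    }
    close(fd);

    if (chmod(dir, dir_mode) != 0)
        result = -1;
    else
        result = (unlink(path) == 0) ? 0 : errno;

    /* Clean up regardless of the outcome. */
    chmod(dir, 0700);
    unlink(path); /* fails harmlessly if the file is already gone */
    rmdir(dir);
    return result;
}

int main(void)
{
    /* Writable directory: removal succeeds although the file is mode 0000. */
    printf("dir 0700, file 0000: %d\n", try_unlink(0700));
    /* Read-only directory: EACCES for ordinary users, allowed for root. */
    printf("dir 0500, file 0000: %d (EACCES is %d)\n", try_unlink(0500), EACCES);
    return 0;
}
```

Run as an ordinary user, the second call reports EACCES; run as root, both calls succeed, which is the behaviour the reply describes.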
Current thread:
- /bin/rm file access vulnerability Lennart Hansen (Dec 30)
- Re: /bin/rm file access vulnerability Eric Romang / ZATAZ (Dec 30)
- Re: /bin/rm file access vulnerability Michal Zalewski (Dec 30)
- Re: /bin/rm file access vulnerability Jörg Eschke (Dec 30)
- Re: /bin/rm file access vulnerability shane milton (Dec 30)
- Re: /bin/rm file access vulnerability Raymond Morsman (Dec 31)