Re: [Full-Disclosure] /bin/rm file access vulnerability
From: Raymond Morsman (raymond_at_dyn.org)
Date: 12/30/04
- Previous message: CorryL: "[Full-Disclosure] Microsoft Data Access Dav1.1 PoC"
- In reply to: Lennart Hansen: "[Full-Disclosure] /bin/rm file access vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Dec 2004 11:15:42 +0000 To: Lennart Hansen <xenzeo@gardener.com>
Citeren Lennart Hansen <xenzeo@gardener.com>:
> /bin/rm file access vulnerability
Works as designed, no vulnerability.
> When /bin/rm is called it checks the file's permissions and the id of
> the user
> trying to remove the file. If the user does not have the required
> permissions
> to delete the file, /bin/rm will simply reject and exit.
No.. It will try to remove the file and the kernel won't allow rm to
remove it.
> However, it is possible for a person with admin rights (root) to
> delete _any_ file
> on the system regardless of who has created it and what it's
> permissions are.
True, that's the meaning of root. No vulnerability here.
> $ su -c 'rm -f /home/xenzeo/file'
Switch user to root. You'll enter the root password now, right? If not,
what's the IP address of the machine? :-)
> #!/usr/bin/perl
> if ($#ARGV != 0) {
> die "usage: rm-exploit.pl file\r\n";
Little bit of overkill to write a perl program for some normal Unix
behaviour.
Raymond.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: CorryL: "[Full-Disclosure] Microsoft Data Access Dav1.1 PoC"
- In reply to: Lennart Hansen: "[Full-Disclosure] /bin/rm file access vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
