
Re: Security hole



Konrad M Kokoszkiewicz <draco@mi.com.pl> writes:

|>> > Uhm, I will check this... anyways, even if it's a perfectly correct
|>> > behaviour, I think it should be fixed. "w" should also mean you can erase
|>> > the file...
|>> 
|>> I haven't got the POSIX standard here at work (I borrowed it and have it at home)
|>> so I can what the correct POSIX behaviour is. MiNT should have POSIX behaviour
|>> and nothing else!

|> Besides /proc, there's one more directory which seems to need
|> rwxrwxrwx (and will allow to delete the files inside for everyone). It is
|> /var/spool/mail.

Unless the MTA is setuid/setgid something.  Other systems use S_ISVTX
(displayed as `t' in the `other' part of the mode string) on directories
to keep all except the owner (and root) from deleting a file (also used
with /tmp).  Not sure if MiNT supports that.

-- 
Andreas Schwab                                      "And now for something
schwab@issan.informatik.uni-dortmund.de              completely different"
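
The S_ISVTX rule described in the message above, as an added example that is not part of the original post. It models the POSIX deletion check for a sticky directory (POSIX also lets the directory's owner remove entries) and classifies a directory's mode bits; the function names and the enum are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

#ifndef S_ISVTX
#define S_ISVTX 01000   /* traditional value, used only if the headers hide it */
#endif

/* Result of auditing one directory's mode bits (hypothetical names). */
enum dir_risk { DIR_OK, DIR_WORLD_WRITABLE_STICKY, DIR_WORLD_WRITABLE_NO_STICKY };

/* World-writable without S_ISVTX means any user may unlink or rename
 * other users' files in the directory. */
enum dir_risk classify_dir_mode(mode_t mode)
{
    if (!(mode & S_IWOTH))
        return DIR_OK;
    return (mode & S_ISVTX) ? DIR_WORLD_WRITABLE_STICKY
                            : DIR_WORLD_WRITABLE_NO_STICKY;
}

/* Model of the unlink() check, assuming the caller already has write and
 * search permission on the directory: may `uid` remove an entry owned
 * by `file_uid`? */
int may_unlink(mode_t dir_mode, uid_t dir_uid, uid_t file_uid, uid_t uid)
{
    if (!(dir_mode & S_ISVTX))
        return 1;   /* no sticky bit: directory write permission is enough */
    return uid == 0 || uid == file_uid || uid == dir_uid;
}

/* Audit a real path; -1 if it cannot be examined or is not a directory. */
int audit_dir(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (int)classify_dir_mode(st.st_mode);
}

int main(void)
{
    const char *dirs[] = { "/tmp", "/var/spool/mail" };
    for (size_t i = 0; i < 2; i++)
        printf("%s: %d\n", dirs[i], audit_dir(dirs[i]));
    return 0;
}
```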