[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security hole
Konrad M Kokoszkiewicz <draco@mi.com.pl> writes:
|>> > Uhm, I willl check this... anyways, even if it s a perfeclty correct
|>> > behaviour, I think it should be fixed. "w" should also mean you can erase
|>> > the file...
|>>
|>> I haven't got the POSIX standard here at work (I borrowed it and have it at home)
|>> so I can what the correct POSIX behaivour is. MiNT should have POSIX behaivour
|>> and nothing else!
|> Besides of /proc, there's one more directory which seems to need
|> rwxrwxrwx (and will allow to delete the files inside for everyone). It is
|> /var/spool/mail.
Unless the MTA is setuid/setgid something. Other systems use S_ISVTX
(displayed as `t' in the `other' part of the mode string) on directories
to keep all except the owner (and root) from deleting a file (also used
with /tmp). Not sure if MiNT supports that.
--
Andreas Schwab "And now for something
schwab@issan.informatik.uni-dortmund.de completely different"