[aklug] Re: Strange hard linking

From: Christopher Howard <cmhoward@frigidcode.com>
Date: Sat Nov 27 2010 - 20:21:49 AKST

On Fri, Nov 26, 2010 at 05:45:17PM -0900, Shane R. Spencer wrote:
> On 11/26/2010 02:24 PM, Christopher Howard wrote:
> > So, I was messing around the other day, and found this rather weird behavior in Linux:
> >
> > First, I go root, and cd to some public directory. I create a file with some text in it (we'll call it file0) with the new file of course being owned by root.
> >
> > Next, I switch back to a regular user account. I cd to my /tmp directory, and use the ln command to create a new file (file1) in the /tmp directory that is a hard link to file0. The new file1, strangely enough, is not owned by me, but is owned by root, although it does have "everyone" read permissions.
> >
> > Then, I go root again, and I delete file0. I switch back to my regular user, and discover that file1 still exists, and is still owned by root. I cannot delete it with my regular user account.
> >
> > So, in summary, as a non-root user, I have the ability to "create" (preserve?) files that I do not own and that I cannot delete.
> >
>
> What filesystem are you using? What distro?
>
> Shouldn't be possible if your operating system is at all secure (doesn't run ln as setuid
> root). You cannot modify (including create) files owned by root even if it's the same
> inode as another file. In order not to sound like a dork I attempted the following on
> XFS/JFS2/GFS2/NFS+EXT4/EXT4
>
> spencersr@banzai:/tmp$ sudo touch woman
> spencersr@banzai:/tmp$ ln woman man
> ln: creating hard link `man' => `woman': Operation not permitted
>
> Here.. running ln as setuid root gets things rocking :)
>
> spencersr@banzai:/tmp$ sudo chmod u+s /bin/ln
> spencersr@banzai:/tmp$ ln woman man
> spencersr@banzai:/tmp$ ls -lai man woman
> 34857277 -rw-r--r-- 2 root root 0 2010-11-26 17:36 man
> 34857277 -rw-r--r-- 2 root root 0 2010-11-26 17:36 woman
>
> - Shane

The exact same command works fine on my system:

cmhoward@enigma /tmp $ sudo touch woman
cmhoward@enigma /tmp $ ln woman man
cmhoward@enigma /tmp $ ls -l woman man
-rw-r--r-- 2 root root 0 Nov 27 20:19 man
-rw-r--r-- 2 root root 0 Nov 27 20:19 woman

I'm running XFS file system on amd64 Gentoo (Gentoo-patched kernel 2.6.34-gentoo-r12).

-- 
Christopher Howard
frigidcode.com
theologia.indicium.us
Received on Sat Nov 27 20:27:49 2010
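
An added example, not part of the original message: a shell audit for the situation the thread describes, files in a shared directory that have more than one hard link and belong to someone else. The function names are hypothetical, and the read of /proc/sys/fs/protected_hardlinks (a sysctl present from Linux 3.6, newer than the 2.6.34 kernel mentioned above) is an addition the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# foreign_hardlinks DIR [UID]
# List regular files under DIR that have more than one link and are NOT
# owned by UID (default: the calling user). One "ls -lnid" line per file:
# inode, mode, link count, numeric owner and group, size, date, path.
foreign_hardlinks() {
    fh_dir=$1
    fh_uid=${2:-$(id -u)}
    find "$fh_dir" -xdev -type f -links +1 ! -user "$fh_uid" \
        -exec ls -lnid {} +
}

# other_names DIR FILE
# Print every path under DIR that is the same inode as FILE, i.e. the
# names that keep the data alive after one of them is removed.
other_names() {
    find "$1" -xdev -samefile "$2"
}

# hardlink_policy
# Print the kernel's hard link restriction setting:
#   0       = unrestricted (any user may link to a file they can reach)
#   1       = linking requires owning the file or read+write access to it
#   unknown = sysctl not present (kernels before 3.6, or non-Linux)
hardlink_policy() {
    hp_file=/proc/sys/fs/protected_hardlinks
    if [ -r "$hp_file" ]; then
        cat "$hp_file"
    else
        echo unknown
    fi
}

# Stand-alone use: ./audit.sh /tmp
if [ "$#" -gt 0 ]; then
    echo "protected_hardlinks: $(hardlink_policy)"
    foreign_hardlinks "$@"
fi
```

Run against /tmp as the regular user, the two-link, root-owned "man" and "woman" files from the transcript above would both be listed.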
