rjd@occrsh.ATT.COM (03/29/88)
|>about setuid lp programs. |Setting the directory mode to 777 by itself doesn't let anyone modify |or read anything. All it allows people do is: | | 1. List the file names in the directory | 2. Access files in the dirctory _according_to_their_modes. | 3. Remove files from the directory. Uh, weeeelllll yes, but: saying that it does not allow a user to modify anything is really wrong, as long as he can read it. To modify a file in this 777 directory, though he does not have write permission to the file, all he need do is: cp the file to some new name, modify this copy as he wants, change mode and group to match that of the original, remove the original (allowable via the directory permissions), move the copy to the original's name, then change ownership to the original (maybe even touch the proper date to it prior to chown). Randy