usenet@cps3xx.UUCP (Usenet file owner) (02/15/89)
MINIX 1.2 (640K-PC) is being used to teach the OS course. It was
observed that the 'rm' command is willing to remove any file in the
system by switching over to interactive mode, when one is logged in as
ast (not root or su).
$ rm /etc/passwd
rm: remove /etc/passwd (mode = 644) ?
This was fixed by patching the file commands/rm.c and installing the
recompiled rm in /bin. The cdiff is given below.
-- ishwar rattan (rattan@frith.egr.msu.edu)
-------------------------------------------------------------
*** rm.c.old ***
--- rm.c ---
*** 105-112 ***
else {
if (access(name, 2) && !fflag) {
--- 105-113 ---
else {
if (access(name, 2) && !fflag) {
stderr3("rm: ", name, " not removed\n");
/* stderr3("rm: remove", name, " ( mode = ");
* octal(s.st_mode & 0777);
* std_err(") ? ");
* if ( !confirm()) */
return;
}
---------------------------------------------------------------pa1343@sdcc15.ucsd.edu (pa1343) (02/18/89)
In article <1838@cps3xx.UUCP> rattan@frith.egr.msu.edu () writes: > >MINIX 1.2 (640K-PC) is being used to teach the OS course. It was >observed that the 'rm' command is willing to remove any file in the >system by switching over to interactive mode, when one is logged in as >ast (not root or su). > > $ rm /etc/passwd > rm: remove /etc/passwd (mode = 644) ? Is rm setuid to root on your system? If not then we have a BIG problem because the unlink() system call is supposed to check for permissions. rm should not be able to unlink a file not owned by the user. That decision is made by unlink(). Rm should also not be SUID root because that will give it permissions to unlink any file. Perhaps I ought to bring up my 1.3 version and see if this exists on the new version. I will post any strange results. Oh, by the way, if a file is in a directory which is writable by you then you can delete ANY regular file in that directory, regardless of its owner or permissions. This exists also on commercial UNIX. (sV, BSD) -- +-----------------------------------------+ | John J. Marco -- pa1343@sdcc15.ucsd.edu | | ...!uunet!sdcc15.ucsd.edu!pa1343 | +-----------------------------------------+
usenet@cps3xx.UUCP (Usenet file owner) (02/22/89)
>> In article<1838@cps3xx.UUCP> rattan@frith.egr.msu.edu wrires: >> MINIX 1.2 (640K-PC) is being used to teach the OS course. It was >> observed that 'rm' command is willing to remove any file ... > > In article <1131@sdcc15.ucsd.edu> pa1343@sdcc15.ucsd.edu writes: > Is rm setuid to root on your system? ... No. It is not setuid to root in the original distrbution also. The directories involved didn't have write permission. -- ishwar rattan (rattan@frith.egr.msu.edu)