Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: /bin/rm file access vulnerability
From: Raymond Morsman <raymond () dyn org>
Date: Thu, 30 Dec 2004 11:15:42 +0000

Citeren Lennart Hansen <xenzeo () gardener com>:

/bin/rm file access vulnerability

Works as designed, no vulnerability.

When /bin/rm is called it checks the file's permissions and the id of
the user
trying to remove the file. If the user does not have the required
permissions
to delete the file, /bin/rm will simply reject and exit.

No.. It will try to remove the file and the kernel won't allow rm to
remove it.

However, it is possible for a person with admin rights (root) to
delete _any_ file
on the system regardless of who has created it and what it's
permissions are.

True, that's the meaning of root. No vulnerability here.

$ su -c 'rm -f /home/xenzeo/file'

Switch user to root. You'll enter the root password now, right? If not,
what's the IP address of the machine? :-)

#!/usr/bin/perl
if ($#ARGV != 0) {
      die "usage: rm-exploit.pl file\r\n";

Little bit of overkill to write a perl program for some normal Unix
behaviour.

Raymond.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]