Re: [suse-security] permissions question
Jens Kuehnel <king@kuehnel.org> wrote:
can a root user create a file in a regular user's home directory so that the regular user can not remove it?
Have a look at the directory-Mode. Writing a directory means deleting and creating files. Normaly the best thing is a t-bit like at /tmp.
That won't work in this case. The owner of the directory (i.e., the regular user who should be the owner of his home directory) will still be able to delete files he doesn't own. And because he is able to change his home directory's permissions he even could simply clear the t-bit. Setting the immutable flag with chattr is the only possible solution. Eilert -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Eilert Brinkmann -- Universitaet Bremen -- FB 3, Informatik eilert@informatik.uni-bremen.de - eilert@tzi.org - eilert@linuxfreak.com http://www.informatik.uni-bremen.de/~eilert/
On 18 Jun 2000, Eilert Brinkmann wrote:
Jens Kuehnel <king@kuehnel.org> wrote:
can a root user create a file in a regular user's home directory so that the regular user can not remove it? Have a look at the directory-Mode. Writing a directory means deleting and creating files. Normaly the best thing is a t-bit like at /tmp.
That won't work in this case. The owner of the directory (i.e., the regular user who should be the owner of his home directory) will still be able to delete files he doesn't own. And because he is able to change his home directory's permissions he even could simply clear the t-bit. Setting the immutable flag with chattr is the only possible solution. Yes, you are right! Does that mean that there is no solution for reiserfs??
CU Jens
On Mon, Jun 19, 2000 at 01:28:54AM +0200, Jens Kuehnel wrote:
On 18 Jun 2000, Eilert Brinkmann wrote:
t-bit. Setting the immutable flag with chattr is the only possible solution. Yes, you are right! Does that mean that there is no solution for reiserfs??
Make a subdirectory with appropriate permissions and put the file there? Good luck, Jurriaan
thunder7 wrote:
On Mon, Jun 19, 2000 at 01:28:54AM +0200, Jens Kuehnel wrote:
On 18 Jun 2000, Eilert Brinkmann wrote:
t-bit. Setting the immutable flag with chattr is the only possible solution. Yes, you are right! Does that mean that there is no solution for reiserfs??
Make a subdirectory with appropriate permissions and put the file there?
-- That will work only if subdir has some files in it. N
Yes. This is the trick. And it's an old one. For example, paranoid sysadmins that don't like .rhosts will (as root) create a .rhosts _directory_ in a user's $HOME, throw an empty file in there (eg, touch ~user/.rhosts/noremove), then chmod 0 it. /* Keith Warno ** Developer & Sys Admin ** http://www.HaggleWare.com/ */ ----- Original Message ----- From: "thunder7" <thunder7@xs4all.nl> To: <suse-security@suse.com> Sent: 19 June 2000, Monday 04:25 Subject: Re: [suse-security] permissions question On Mon, Jun 19, 2000 at 01:28:54AM +0200, Jens Kuehnel wrote:
On 18 Jun 2000, Eilert Brinkmann wrote:
t-bit. Setting the immutable flag with chattr is the only possible solution. Yes, you are right! Does that mean that there is no solution for reiserfs??
Make a subdirectory with appropriate permissions and put the file there? Good luck, Jurriaan --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Yes. This is the trick. And it's an old one.
For example, paranoid sysadmins that don't like .rhosts will (as root) create a .rhosts _directory_ in a user's $HOME, throw an empty file in there (eg, touch ~user/.rhosts/noremove), then chmod 0 it.
/* Keith Warno
Errm... not exactly. Changing the name of a file (or directory) does _not_ depend on the modes of this particular entry to be changed, but the permissions of the directory that contains the objects in question. Consider a directory just like an ordinary file, containing other files, directories and other objects. Changing the object's names means changing the directory's content. **root**@reality:/home/client # pwd /home/client **root**@reality:/home/client # mkdir .rhosts **root**@reality:/home/client # touch .rhosts/noremove **root**@reality:/home/client # chmod 0 .rhosts/noremove .rhosts/ **root**@reality:/home/client # ls -lad . .rhosts drwxr-xr-x 7 client users 1024 Jun 20 01:47 . d--------- 2 root root 1024 Jun 20 01:48 .rhosts **root**@reality:/home/client # su - client reality:/home/client $ pwd /home/client reality:/home/client $ mv .rhosts .r reality:/home/client $ ls -lad .r . drwxr-xr-x 7 client users 1024 Jun 20 01:48 . d--------- 2 root root 1024 Jun 20 01:48 .r reality:/home/client $ id uid=200(client) gid=100(users) groups=100(users) reality:/home/client $ Roman. -- _ _ | Roman Drahtmüller "The best way to pay for a | CC University of Freiburg lovely moment is to enjoy it." | email: draht@uni-freiburg.de - Richard Bach | - -
Hi, On Mon, Jun 19, Keith Warno wrote:
Yes. This is the trick. And it's an old one.
For example, paranoid sysadmins that don't like .rhosts will (as root) create a .rhosts _directory_ in a user's $HOME, throw an empty file in there (eg, touch ~user/.rhosts/noremove), then chmod 0 it.
What is this good for? The user just types "mv .rhosts .trash"
/* Keith Warno ** Developer & Sys Admin ** http://www.HaggleWare.com/ */ -o) Hubert Mantel Goodbye, dots... /\\ _\_v
On Fre, 23 Jun 2000, Hubert Mantel wrote:
For example, paranoid sysadmins that don't like .rhosts will (as root) create a .rhosts _directory_ in a user's $HOME, throw an empty file in there (eg, touch ~user/.rhosts/noremove), then chmod 0 it. What is this good for? The user just types "mv .rhosts .trash"
Paranoid sysadmins dont use the r-functionality - even normal ones also doesnt ;) Mit freundlichen Grüßen, Joerg Henner. -- LinuxHaus Stuttgart | Tel.: +49 (7 11) 2 85 19 05 Jörg Henner & Adrian Reyer, Datentechnik GbR | D2: +49 (1 72) 7 35 31 09 | Fax: +49 (7 11) 5 78 06 92 Linux, Netzwerke, Webhosting & Support | http://lihas.de
Hm wow looks like it's good for nothing! simple little mv goes unnoticed by me and the professor who originally told me about that trick. ah well. kw ----- Original Message ----- From: "Hubert Mantel" <mantel@suse.de> To: <suse-security@suse.com> Sent: 23 June 2000, Friday 05:18 Subject: [suse-security] Re: permissions question Hi, On Mon, Jun 19, Keith Warno wrote:
Yes. This is the trick. And it's an old one.
For example, paranoid sysadmins that don't like .rhosts will (as root) create a .rhosts _directory_ in a user's $HOME, throw an empty file in there (eg, touch ~user/.rhosts/noremove), then chmod 0 it.
What is this good for? The user just types "mv .rhosts .trash"
/* Keith Warno ** Developer & Sys Admin ** http://www.HaggleWare.com/ */ -o) Hubert Mantel Goodbye, dots... /\\ _\_v
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
On Sun, 18 Jun 2000, Eilert Brinkmann wrote:
Jens Kuehnel <king@kuehnel.org> wrote:
can a root user create a file in a regular user's home directory so that the regular user can not remove it?
Have a look at the directory-Mode. Writing a directory means deleting and creating files. Normaly the best thing is a t-bit like at /tmp.
That won't work in this case. The owner of the directory (i.e., the regular user who should be the owner of his home directory) will still be able to delete files he doesn't own. And because he is able to change his home directory's permissions he even could simply clear the t-bit. Setting the immutable flag with chattr is the only possible solution.
Not the only solution ... you could break the users fingers... or other acts of BOFHness.... Cheers, GC -- There is something inherently wrong with the world when Bill Gates is a famous billionaire and Dennis Ritchie lives in relative obscurity.
participants (9)
-
Eilert Brinkmann -
Gregory Conron -
Hubert Mantel -
Jens Kuehnel -
Joerg Henner -
Keith Warno -
Nicholas -
Roman Drahtmueller -
thunder7