Re: "weird" behavior in dirs
- To: misc_(_at_)_openbsd_(_dot_)_org, gustavoh_(_at_)_sysadmin_(_dot_)_com_(_dot_)_br
- Subject: Re: "weird" behavior in dirs
- From: Ian Darwin <ian_(_at_)_darwinsys_(_dot_)_com>
- Date: Thu, 11 Feb 1999 10:27:35 -0500 (EST)
> The security problem I found was the following:
>
> Suppose a normal user of the system is accessing my 'hp' dir in /root/hp
> and I don't want anyone to access it anymore. Then I move 'hp' to
> /root/private which is chmoded 700.
> But if the user has his account logged in and in that directory (/root/hp)
> he still has access to list the file and can see its contents.
This is not a problem, it's a feature. Well, at least, it's how UNIX
works. If you want to lower the permissions on an object in the filesystem,
you are expected to use chmod, not mv. It is supposed to be generally
understood that the name of an object is not the same as its permissions.
If you want to use mv to hide something, you also need to reboot, or
use a command like lsof to ensure that nobody has the object opened
afterwards.
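
The behavior discussed in this thread, as an added example that is not part of the original messages: one shell function plays both the logged-in user and the administrator. The temporary base directory stands in for /root, `notes.txt` is a hypothetical file name, and `chmod 000` on `private` stands in for a parent the user may not enter, since a single account runs the whole demo.

```shell
#!/bin/sh
# Added example. Directory names mirror the thread (hp, private); the
# temporary base directory and notes.txt are constructed for the demo.

# Prints three words: listing "." from inside hp after the mv, reaching hp
# by its new path, and listing "." again after chmod on hp itself.
demo_mv_vs_chmod() (
    base=$(mktemp -d) || exit 1
    mkdir "$base/hp" "$base/private"
    echo "constructed sample data" > "$base/hp/notes.txt"

    cd "$base/hp" || exit 1            # the user already sitting in hp
    mv "$base/hp" "$base/private/hp"   # the admin "hides" it by renaming
    chmod 000 "$base/private"          # parent is now closed to this user

    # 1. The cwd still refers to the same directory object, so listing "."
    #    never performs a path lookup through private/.
    if ls . 2>/dev/null | grep -q '^notes.txt$'; then
        via_cwd=visible; else via_cwd=denied; fi

    # 2. A fresh lookup by name must traverse private/ and is refused
    #    (root bypasses this check).
    if ls "$base/private/hp" >/dev/null 2>&1; then
        via_path=visible; else via_path=denied; fi

    # 3. chmod on the object itself: the mode is checked when "." is opened,
    #    so the user already inside can no longer list it.
    chmod 700 "$base/private"
    chmod 000 "$base/private/hp"
    if ls . >/dev/null 2>&1; then
        after_chmod=visible; else after_chmod=denied; fi

    # Clean up: restore access first so rm can descend.
    cd / || exit 1
    chmod 700 "$base/private/hp"
    rm -rf "$base"

    echo "$via_cwd $via_path $after_chmod"
)

demo_mv_vs_chmod
```

Run as a non-root user this prints `visible denied denied`; root bypasses the permission checks, so steps 2 and 3 report `visible`.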