[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] /bin/rm file access vulnerability

To: Lennart Hansen <xenzeo@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] /bin/rm file access vulnerability
From: Raymond Morsman <raymond@xxxxxxx>
Date: Thu, 30 Dec 2004 11:15:42 +0000

Citeren Lennart Hansen <xenzeo@xxxxxxxxxxxx>:

> /bin/rm file access vulnerability

Works as designed, no vulnerability.

> When /bin/rm is called it checks the file's permissions and the id of
> the user
> trying to remove the file. If the user does not have the required
> permissions
> to delete the file, /bin/rm will simply reject and exit.

No.. It will try to remove the file and the kernel won't allow rm to
remove it.

> However, it is possible for a person with admin rights (root) to
> delete _any_ file
> on the system regardless of who has created it and what it's
> permissions are.

True, that's the meaning of root. No vulnerability here.

> $ su -c 'rm -f /home/xenzeo/file'

Switch user to root. You'll enter the root password now, right? If not,
what's the IP address of the machine? :-)

> #!/usr/bin/perl
> if ($#ARGV != 0) {
>       die "usage: rm-exploit.pl file\r\n";

Little bit of overkill to write a perl program for some normal Unix
behaviour.

Raymond.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] /bin/rm file access vulnerability
  - From: Lennart Hansen

Prev by Date: RE: [Full-Disclosure] MySQL and the user "su"
Next by Date: [Full-Disclosure] WinHKI - ARC File Extraction of 1KB to 1.56GB
Previous by thread: Re: [Full-Disclosure] /bin/rm file access vulnerability
Next by thread: Re: [Full-Disclosure] /bin/rm file access vulnerability
Index(es):
- Date
- Thread