
Re: LYNX-DEV Alleged Lynx security emergency


From: Scott McGee (Personal)
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Tue, 1 Jul 1997 15:55:24 -0600

Wayne Buttles <address@hidden> wrote:
>
>On Tue, 1 Jul 1997, Foteos Macrides wrote:
>
>>      I'm not sure what you mean by "it".  I'm the one who trashed
>> Scott's /dev/null trying out the spoofing LYNXDOWNLOAD: URL running
>> Lynx from a non-privileged account.  Are you saying that an
>>    fd = fopen("/dev/null", "w"); fclose(fd); remove("/dev/null");
>> sequence doing that, if that's it (haven't tried it explicitly :),
>> is normal on Unix, and if not, how did I do it? 
>
>The following as root will trash /dev/null
>
>#include <stdio.h>
>
>int main(void)
>{
>  FILE *fd;
>  /* open and close /dev/null, then unlink it; fclose() on a NULL
>     stream is undefined, so only close what actually opened */
>  fd = fopen("/dev/null", "w");
>  if (fd != NULL) fclose(fd);
>  remove("/dev/null");
>  return 0;
>}
>
>It will also trash /dev/null (on linux) as root su'd to a normal user.  If
>the system you are on gives normal users write access to that file then
>that also may open it up for trashing. 

Ah, after reading this, I did some checking, and Fote's account on SOL is
in the same group as the group ownership on /devices, which has group write
permission. Thus, Fote and I could blow away /dev/null (which is a symbolic
link to an entry in /devices) from a normal shell. There are no mysterious
'extra' privileges being granted or required here!

Scott

Scott McGee: Salt Lake Community College Webmaster | When in danger,
___________________________________________________| or in doubt,
Email: address@hidden (Scott McGee)         | run in circles,
Web:   http://www.slcc.edu/infotech/webmaster.html | scream and shout.
----------------------------------------------------------------------
My opinions do not necessarily reflect those of the College. Trust me!
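The thread's conclusion is that removing a device node needs write (plus search) permission on the directory holding the name, not on the node itself. The following is an added check, not code from the thread or from Lynx: given a path, it reports who could unlink that name, and, when the path is a symlink, also the directory holding the resolved target. The `demo()` function builds a constructed layout (a group-writable "devices" directory and a "dev/null" symlink into it) so the check can be exercised without touching the real /dev.

```python
import os
import stat
import tempfile

def dir_unlink_exposure(directory):
    """Report who can unlink names in `directory`.

    unlink()/remove() requires write+search permission on the directory
    holding the name; the file's own mode is irrelevant. A sticky bit
    limits unlinking to the file's owner (and root)."""
    mode = os.stat(directory).st_mode
    return {
        "dir": directory,
        "group_writable": bool(mode & stat.S_IWGRP and mode & stat.S_IXGRP),
        "other_writable": bool(mode & stat.S_IWOTH and mode & stat.S_IXOTH),
        "sticky": bool(mode & stat.S_ISVTX),
    }

def unlink_exposure(path):
    """Check the directory holding `path`, and if `path` is a symlink,
    the directory holding its final target as well."""
    reports = [dir_unlink_exposure(os.path.dirname(os.path.abspath(path)))]
    if os.path.islink(path):
        target = os.path.realpath(path)
        reports.append(dir_unlink_exposure(os.path.dirname(target)))
    return reports

def is_exposed(report):
    """True when a non-owner, non-root user could unlink names there."""
    return (report["group_writable"] or report["other_writable"]) \
        and not report["sticky"]

def demo():
    """Constructed layout mimicking the report: group-writable 'devices'
    directory (like SOL's /devices) and a 'dev/null' symlink into it."""
    with tempfile.TemporaryDirectory() as top:
        devices, dev = os.path.join(top, "devices"), os.path.join(top, "dev")
        os.mkdir(devices)
        os.mkdir(dev)
        os.chmod(devices, 0o775)  # group write: the condition from the thread
        os.chmod(dev, 0o755)
        open(os.path.join(devices, "null"), "w").close()
        os.symlink(os.path.join(devices, "null"), os.path.join(dev, "null"))
        return unlink_exposure(os.path.join(dev, "null"))

if __name__ == "__main__":
    for r in unlink_exposure("/dev/null"):
        print(r, "EXPOSED" if is_exposed(r) else "ok")
```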
