lynx-dev

Re: LYNX-DEV Alleged Lynx security emergency


From: Bela Lubkin
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Wed, 2 Jul 1997 20:39:27 +0000

Wayne Buttles wrote:

> The following as root will trash /dev/null
> 
> #include <stdio.h>
> int main(void)
> {
>   FILE *fd;
>   /* open for writing, close, then remove the device node */
>   fd = fopen("/dev/null", "w");
>   if (fd) fclose(fd);
>   remove("/dev/null");
>   return 0;
> }

That's as it should be -- you do something stupid as root, you lose.
That's why you try to avoid running as root.

> It will also trash /dev/null (on linux) as root su'd to a normal user.  If
> the system you are on gives normal users write access to that file then
> that also may open it up for trashing. 

If this is true then it's a bug in Linux's Unix security implementation.
Before you and I go around maligning Linux, though, you might want to
identify the version you tried it on.  Try on a recent 2.1.3x (whatever
it's up to...)

(Figure out *why* -- is /dev world-writable?  Is root-su-to-user running
with the egid that owns /dev, and /dev is group-writable?)

>Bela<
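
The two questions at the end of the message can be checked mechanically. The following is an added example, not code from the thread or from Lynx: it encodes the classic Unix rule that removing a name depends on the permissions of the containing directory and on the effective uid/gid, not on the mode of the file itself. The names `may_unlink` and `dir_grants_wx` are hypothetical, and the check assumes plain mode bits only (no supplementary groups, ACLs or capabilities).

```c
#define _XOPEN_SOURCE 700
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef S_ISVTX
#define S_ISVTX 01000   /* sticky bit, in case the headers hide it */
#endif

/* unlink() needs write+search permission on the containing directory;
 * the mode bits of the file being removed play no part. */
static bool dir_grants_wx(const struct stat *dir, uid_t euid, gid_t egid)
{
    mode_t need;
    if (euid == 0)
        return true;                      /* superuser bypasses mode bits */
    if (dir->st_uid == euid)
        need = S_IWUSR | S_IXUSR;
    else if (dir->st_gid == egid)         /* simplification: egid only */
        need = S_IWGRP | S_IXGRP;
    else
        need = S_IWOTH | S_IXOTH;
    return (dir->st_mode & need) == need;
}

/* May a process with these effective ids remove `entry` from `dir`? */
bool may_unlink(const struct stat *dir, const struct stat *entry,
                uid_t euid, gid_t egid)
{
    if (!dir_grants_wx(dir, euid, egid))
        return false;
    if (euid != 0 && (dir->st_mode & S_ISVTX))   /* sticky directory */
        return entry->st_uid == euid || dir->st_uid == euid;
    return true;
}

int main(void)
{
    struct stat d, e;
    if (stat("/dev", &d) != 0 || lstat("/dev/null", &e) != 0) {
        perror("stat");
        return 2;
    }
    printf("euid=%ld egid=%ld /dev mode=%04o -> /dev/null %s removable\n",
           (long)geteuid(), (long)getegid(), (unsigned)(d.st_mode & 07777),
           may_unlink(&d, &e, geteuid(), getegid()) ? "IS" : "is not");
    return 0;
}
```

Run it from the same shell (root su'd to a normal user) that reproduced the problem; the printed euid/egid and `/dev` mode show which of the two conditions applies.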