negative group permissions?
Ian Lepore
freebsd at damnhippie.dyndns.org
Wed Feb 29 16:41:08 UTC 2012
On Wed, 2012-02-29 at 16:18 +0000, jb wrote:
> Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes:
>
> > ...
> > It's not a
> > directory or executable file in the first place, so making it executable
> > for everyone except the owner and group is not some sort of subtle
> > security trick, it's just meaningless.
> > ...
>
> Is it meaningless ?
>
> Example:
> # cat /var/spool/output/lpd/.seq
> #! /usr/local/bin/bash
> touch /tmp/jb-test-`echo $$`
>
> # ls -al /var/spool/output/lpd/.seq
> -rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq
> # /var/spool/output/lpd/.seq
> #
> # ls /tmp/jb*
> /tmp/jb-test-61789
>
> # chmod 0640 /var/spool/output/lpd/.seq
> # ls -al /var/spool/output/lpd/.seq
> -rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq
> # /var/spool/output/lpd/.seq
> su: /var/spool/output/lpd/.seq: Permission denied
> #
>
> jb
I don't understand the point of your example. You use an example .seq
file which does not contain the data the lpr program puts into that
file. Instead your file contains executable code, then you show how
negative permissions work on exectuable files.
My point is that the way this file is used by lpr, it is NOT an
executable file -- it holds a simple ascii-encoded sequence number.
That seems to be a pretty strong argument that manipulating the exec
permission was not an intentional invokation of negative permissions.
-- Ian
More information about the freebsd-current
mailing list