| Summary: | filesystem permission violation [need to withdraw] | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | animantbk |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED INVALID | ||
| Severity: | major | CC: | bitlord0xff |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Hi, As far as I know there is nothing wrong here, it's all by design, maybe weird to someone, but if you have permission to change the content of the directory, that is exactly what you demonstrated that you can do. This is a known "feature" on unix like systems. |
It was discovered, any user is able to change file of other user (e.g., root) without reading and writing permissions. Step to reproduce: 1. Under 'root' user create folder with o+wx (at least) permissions: root# mkdir -m 703 /opt/configs root# echo "test" > /opt/configs/my.cnf root# chmod 700 /opt/configs/my.cnf #guest may even not have reading permissions root# ls -all /opt/configs drwx----wx 2 root root 4096 Jul 21 19:19 . drwx------ 12 root root 4096 Jul 21 19:19 .. -rwx------ 1 root root 5 Jul 21 19:17 my.cnf 2. 'guest' first creates new content to be replaced with root-owned one: guest$ echo "rogue content" > fake.txt 3. 'guest' replaces original root-owned file with the fake (without read and write permissions): guest$ cp fake.txt /opt/configs/my.cnf -f #you also may use 'mv' 4. The result is that file /opt/configs/my.cnf is unauthorized overwritten, new permission and owner are the same as in 'fake.txt' file root# ls -all /opt/configs/my.cnf -rw-r--r-- 1 guest guest 4 Jul 21 19:30 my.cnf Testing environment: Linux calculate 4.14.52-calculate, filesystem ext4 Linux dojo 3.2.0-89-generic, filesystem ext4