On Wed, 2012-02-29 at 16:18 +0000, jb wrote: > Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes: > > > ... > > It's not a > > directory or executable file in the first place, so making it executable > > for everyone except the owner and group is not some sort of subtle > > security trick, it's just meaningless. > > ... > > Is it meaningless ? > > Example: > # cat /var/spool/output/lpd/.seq > #! /usr/local/bin/bash > touch /tmp/jb-test-`echo $$` > > # ls -al /var/spool/output/lpd/.seq > -rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq > # /var/spool/output/lpd/.seq > # > # ls /tmp/jb* > /tmp/jb-test-61789 > > # chmod 0640 /var/spool/output/lpd/.seq > # ls -al /var/spool/output/lpd/.seq > -rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq > # /var/spool/output/lpd/.seq > su: /var/spool/output/lpd/.seq: Permission denied > # > > jb I don't understand the point of your example. You use an example .seq file which does not contain the data the lpr program puts into that file. Instead your file contains executable code, then you show how negative permissions work on exectuable files. My point is that the way this file is used by lpr, it is NOT an executable file -- it holds a simple ascii-encoded sequence number. That seems to be a pretty strong argument that manipulating the exec permission was not an intentional invokation of negative permissions. -- IanReceived on Wed Feb 29 2012 - 15:41:08 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:24 UTC