[CLUE-Tech] Directory permissions -- problems with "-w--w--w-"

Sat May 25 11:26:06 MDT 2002

--- "Jed S. Baer" <thag at frii.com> wrote:
> On Wed, 22 May 2002 13:00:38 -0400
> "Joe 'Zonker' Brockmeier" <jzb at dissociatedpress.net> wrote:
> 
> > (AFAIK) is to "look" to see if the file in fact exists before
> attempting
> > to remove it, then checks the permissions before trying to remove it
> and
> > finally, it will actually remove it if test 1 and test 2 have passed.
> If
> > file does not exist, error. If file exists but you do not have 
> > sufficient permissions, error. It must read the file before it can 
> > decide this, though. I imagine that most of the other GNU utilies 
> > perform the same checks.
> 
> Well, I hope it isn't actually the rm program doing this. It should be
> handled further down someplace in the software stack, perhaps in the IO
> library for the filesystem.
> 

You are both correct:
rm does check access privledges on files BEFORE the unlink() call is made,
here is a little snippit from a strace:

<snip>
lstat64("remove_me", {st_mode=S_IFREG|0666, st_size=0, ...}) = 0
access("remove_me", W_OK)               = 0
unlink("remove_me")                     = 0
_exit(0)                                = ?

Additionally, access permissions are checked in the linux kernel's VFS
implementation (consult fs/namei.c sys_unlink() and vfs_unlink() in your
kernel source).  So even if a wanna-be malicious program simply used
unlink() without the access() check first, it would still fail.

Interestingly, permissions are always dealt with by VFS in the kernel, so
most underlying fs implementations rarely consider the issue.

Cheers.

=====
Keith E. Hellman
kehellman at yahoo.com

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com