On Mon, Jul 07, 2003 at 01:02:08AM -0400, Robert Brockway wrote:
> This is a security issue if anyone is using unix permissions to restrict
> execution _from_ a subset of users. This is unusual but I've seen it
> done.
>
> zen:~$ cat ./testfile
> #!/bin/bash
>
> echo "I'm executing!"
>
> zen:~$ ls -l testfile
> ----r-xr-x 1 robert users 46 Jul 7 00:52 testfile*
>
> zen:~$ ./testfile
> bash: ./testfile: Permission denied
>
> zen:~$ chown root ./testfile
>
> zen:~$ ls -l ./testfile
> ----r-xr-x 1 root users 35 Jul 7 00:57 ./testfile*
>
> zen:~$ ./testfile
> I'm executing!

this is correct unix behavior. your userid is not root, it's zen, so
you are permitted to execute testfile, everyone EXCEPT root is
permitted to execute this file. (except root is allowed too since at
least one x bit is set on the file, and root has authority to
disregard file permissions).
--
Ethan Benson
http://www.alaska.net/~erbenson/
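
Added example, not part of either poster's message: a small Python model of the classic Unix permission check that the transcript exercises, plus a helper that flags modes which depend on excluding the owner. The numeric uid and gid for "robert" and "users" are constructed, and the model assumes a regular file with no ACLs.

```python
import stat

R, W, X = 4, 2, 1  # requested-access bits, laid out like one rwx triplet

def unix_access(mode, file_uid, file_gid, uid, gids, want):
    """Classic Unix check for a regular file (no ACLs or other extensions).

    Exactly one class is consulted: owner, else group, else other.
    """
    if uid == 0:
        # root ignores the triplets, but execute still needs some x bit set
        any_x = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
        return not (want & X) or bool(mode & any_x)
    if uid == file_uid:
        granted = (mode >> 6) & 7      # owner: group/other bits never consulted
    elif file_gid in gids:
        granted = (mode >> 3) & 7
    else:
        granted = mode & 7
    return (granted & want) == want

def owner_excluded(mode):
    """True when the owner triplet lacks a bit that group or other holds."""
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    return bool((group | other) & ~owner & 7)

# Constructed ids standing in for the transcript's "robert" and "users".
ROBERT, USERS = 1000, 100
MODE = 0o055  # ----r-xr-x

if __name__ == "__main__":
    print("owner robert:", unix_access(MODE, ROBERT, USERS, ROBERT, {USERS}, X))
    print("owner root, caller robert:", unix_access(MODE, 0, USERS, ROBERT, {USERS}, X))
    print("caller root:", unix_access(MODE, 0, USERS, 0, {0}, X))
    print("relies on owner exclusion:", owner_excluded(MODE))
```

`owner_excluded` can be run over `os.stat(path).st_mode` values during an audit to list files whose access control depends on this pattern.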