ecosta Guru
Joined: 09 May 2003 Posts: 477 Location: Brussels,BE
|
Posted: Tue Mar 04, 2008 12:51 pm Post subject: Is vim bypassing all security or am I missing something?!? |
|
|
I was playing with ACLs when I came upon a problem with permissions. I thought I misunderstood ACLs until I got the problem with standard Unix permissions.
I created 2 users to demonstrate this, and no ACLs have been set in these dirs, although the filesystem was mounted to use ACLs:
/dev/sda3 / ext3 noatime,acl 0 1
Here is what I did to demonstrate what seems like vim not respecting Linux permissions.
vim version:
VIM - Vi IMproved 7.1 (2007 May 12, compiled Dec 28 2007 16:04:37)
Included patches: 1, 3, 5-123
Modified by Gentoo-7.1.123
user: test01
Code: |
test01@vgen ~ $ pwd
/home/test01
test01@vgen ~ $ id
uid=20641(test01) gid=20642(test01) groups=20642(test01)
test01@vgen ~ $ mkdir perm
test01@vgen ~ $ chmod 777 perm
test01@vgen ~/perm $ ls -l
total 4
-rw-r--r-- 1 test01 test01 29 Mar 4 13:29 file
test01@vgen ~ $ date > perm/file
test01@vgen ~ $ cat perm/file
Tue Mar 4 13:29:14 CET 2008
|
user: test02
Code: |
test02@vgen ~$ id
uid=20642(test02) gid=20643(test02) groups=20643(test02)
test02@vgen ~$ cd ~test01/perm
test02@vgen /home/test01/perm $ ls -l
total 4
-rw-r--r-- 1 test01 test01 29 Mar 4 13:29 file
test02@vgen /home/test01/perm $ cat file
Tue Mar 4 13:29:14 CET 2008
test02@vgen /home/test01/perm $ date > file
-su: file: Permission denied
test02@vgen /home/test01/perm $ cat file
Tue Mar 4 13:29:14 CET 2008
test02@vgen /home/test01/perm $ vi file (saved using :wq!)
test02@vgen /home/test01/perm $ ls -l
total 4
-rw-r--r-- 1 test02 test02 7 Mar 4 13:31 file
test02@vgen /home/test01/perm $ cat file
WOW!
|
Does anyone have a clue what this is all about?
_________________
Linux user #201331
A8N-SLI Delux / AMD64 X2 3800+ / 1024 MB RAM / 5 x 250 GB SATA RAID 1/5 / ATI Radeon X700 256MB. |
timeBandit Bodhisattva
Joined: 31 Dec 2004 Posts: 2719 Location: here, there or in transit
|
Posted: Tue Mar 04, 2008 2:22 pm Post subject: |
|
|
It's behaving as expected. Vim does not write to a file in place--it saves a new copy and removes the old one. This requires write access to the directory, not the file. You gave everyone write access to the directory (chmod 777) so vim was able to do this. Notice the apparent change in file ownership, because it's actually a new file with the same name.
However since the file itself is not world-writable, other users cannot modify it in place, as you saw with date > file.
Also, note that neither vim nor any user application "respects" the permission model--it's enforced by the kernel.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others. |
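The replace-instead-of-modify behaviour described in the reply above can be reproduced without vim. The shell script below is an added example, not part of the original thread: it writes a new file and renames it over the old one (a simplification of what an editor does), shows the inode change that explains the new ownership in `ls -l`, and lists directories where this is possible for every user. The function names and temporary paths are constructed for illustration, and the sticky-bit check (mode 1000, as set on /tmp) goes beyond what the thread covers.

```shell
#!/bin/sh
# Added example; all paths are temporary and constructed for the demo.

# inode_of FILE: print the inode number of FILE.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# replace_like_editor FILE TEXT: create a new file next to FILE, then rename
# it over FILE. Both steps need write permission on the directory only; the
# mode of FILE itself is never checked by the kernel for this.
replace_like_editor() {
    tmp="$(dirname "$1")/.new.$$"
    printf '%s\n' "$2" > "$tmp" && mv -f "$tmp" "$1"
}

# risky_dirs ROOT: list directories under ROOT that are world-writable and
# lack the sticky bit, i.e. where any user can replace another user's files.
risky_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/perm" "$d/shared"
    chmod 777 "$d/perm"       # same mode as the perm directory in the thread
    chmod 1777 "$d/shared"    # sticky bit: only the entry's owner, the
                              # directory's owner or root may rename/delete
    date > "$d/perm/file"
    chmod 644 "$d/perm/file"
    before=$(inode_of "$d/perm/file")
    replace_like_editor "$d/perm/file" "WOW!"
    after=$(inode_of "$d/perm/file")
    # Different inode numbers: this is a new file with the old name, so it
    # belongs to whoever created it.
    echo "inode before=$before after=$after"
    echo "world-writable directories without sticky bit:"
    risky_dirs "$d"
    rm -rf "$d"
}

demo
```

Running `risky_dirs /home` (or any shared tree) as an audit shows where file modes such as 644 or 600 do not protect a file's contents from replacement.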
ecosta Guru
Joined: 09 May 2003 Posts: 477 Location: Brussels,BE
|
Posted: Tue Mar 04, 2008 2:57 pm Post subject: |
|
|
Many thanks for the info. I never realised this... you learn something every day!
I didn't think there was a way for a user to overwrite another user's perms if the settings were 600, but I am wiser now...
Thanks
-Ed