ch22_11.htm

the unix power tools

<HTML
><!--Distributed by F --><HEAD
><TITLE
>[Chapter 22] 22.11 A Loophole: Modifying Files Without Write Access</TITLE
><META
NAME="DC.title"
CONTENT="UNIX Power Tools"><META
NAME="DC.creator"
CONTENT="Jerry Peek, Tim O'Reilly &amp; Mike Loukides"><META
NAME="DC.publisher"
CONTENT="O'Reilly &amp; Associates, Inc."><META
NAME="DC.date"
CONTENT="1998-08-04T21:40:31Z"><META
NAME="DC.type"
CONTENT="Text.Monograph"><META
NAME="DC.format"
CONTENT="text/html"
SCHEME="MIME"><META
NAME="DC.source"
CONTENT="1-56592-260-3"
SCHEME="ISBN"><META
NAME="DC.language"
CONTENT="en-US"><META
NAME="generator"
CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINK
REV="made"
HREF="mailto:online-books@oreilly.com"
TITLE="Online Books Comments"><LINK
REL="up"
HREF="ch22_01.htm"
TITLE="22. File Security, Ownership, and Sharing"><LINK
REL="prev"
HREF="ch22_10.htm"
TITLE="22.10 cx, cw, c-w: Quick File Permission Changes "><LINK
REL="next"
HREF="ch22_12.htm"
TITLE="22.12 A Directory that People Can Access but Can't List "></HEAD
><BODY
BGCOLOR="#FFFFFF"
TEXT="#000000"
><DIV
CLASS="htmlnav"
><H1
><IMG
SRC="gifs/smbanner.gif"
ALT="UNIX Power Tools"
USEMAP="#srchmap"
BORDER="0"></H1
><MAP
NAME="srchmap"
><AREA
SHAPE="RECT"
COORDS="0,0,466,58"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="467,0,514,18"
HREF="jobjects/fsearch.htm"
ALT="Search this book"></MAP
><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_10.htm"
TITLE="22.10 cx, cw, c-w: Quick File Permission Changes "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 22.10 cx, cw, c-w: Quick File Permission Changes "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><B
><FONT
FACE="ARIEL,HELVETICA,HELV,SANSERIF"
SIZE="-1"
>Chapter 22<BR>File Security, Ownership, and Sharing</FONT
></B
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_12.htm"
TITLE="22.12 A Directory that People Can Access but Can't List "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.12 A Directory that People Can Access but Can't List "
BORDER="0"></A
></TD
></TR
></TABLE
>&nbsp;<HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"></DIV
><DIV
CLASS="SECT1"
><H2
CLASS="sect1"
><A
CLASS="title"
NAME="UPT-ART-3000"
>22.11 A Loophole: Modifying Files Without Write Access</A
></H2
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="AUTOID-24356"
></A
><A
CLASS="indexterm"
NAME="AUTOID-24359"
></A
><A
CLASS="indexterm"
NAME="AUTOID-24362"
></A
>No one said that
<SPAN
CLASS="link"
>UNIX is perfect (<A
CLASS="linkend"
HREF="ch01_34.htm"
TITLE="What's Wrong with UNIX "
>1.34</A
>)</SPAN
>,
and one of its nagging problems has always been security. Here's one
glitch that you should be aware of. If you don't have write access to
a file, you can't modify it. However, if you have write access to the
directory, you can get around this as follows:</P
><P
CLASS="para"
><BLOCKQUOTE
CLASS="screen"
><PRE
CLASS="screen"
>% <CODE
CLASS="userinput"
><B
>ls -l unwritable</B
></CODE
>
-r-r-r-  1 john         334 Mar 30 14:57 unwritable
% <CODE
CLASS="userinput"
><B
>cat &gt; unwritable</B
></CODE
>
unwritable: permission denied
% <CODE
CLASS="userinput"
><B
>cat unwritable &gt; temp</B
></CODE
>
% <CODE
CLASS="userinput"
><B
>vi temp</B
></CODE
>
   ...
% <CODE
CLASS="userinput"
><B
>mv temp unwritable</B
></CODE
>
override protection 444 for unwritable? <CODE
CLASS="userinput"
><B
>y</B
></CODE
>
% <CODE
CLASS="userinput"
><B
>cat unwritable</B
></CODE
>
John wrote this originally, and made the file read-only.
But then Mike came along and wrote:
I should not have been able to do this!!!</PRE
></BLOCKQUOTE
></P
><P
CLASS="para"
>I couldn't write the file <EM
CLASS="emphasis"
>unwritable</EM
> directly. But I was able to copy
it, and then use <EM
CLASS="emphasis"
>vi</EM
> to make whatever changes I wanted. After
all, I had read access, and to copy a file, you only need to be able
to read it. When I had my own copy, I could (of course) edit it to my
heart's content. When I was done, I was able to <EM
CLASS="emphasis"
>mv</EM
> the new file
on top of <EM
CLASS="emphasis"
>unwritable</EM
>. Why? Renaming a file only requires that
you be able to write the file's directory. You don't need to be able
to write the file itself. (Note that a <EM
CLASS="emphasis"
>cp</EM
> wouldn't
work&nbsp;- copying requires <EM
CLASS="emphasis"
>unwritable</EM
> to be writable, if it already
exists.)
This is one reason to watch directory access fairly closely.</P
><P
CLASS="para"
>As you can see, allowing directory-write access to others can be
dangerous.
If this is a problem for you, solve it by setting your
<SPAN
CLASS="link"
><EM
CLASS="emphasis"
>umask</EM
> (<A
CLASS="linkend"
HREF="ch22_04.htm"
TITLE="Setting an Exact umask "
>22.4</A
>)</SPAN
>
correctly and using
<SPAN
CLASS="link"
><EM
CLASS="emphasis"
>chmod</EM
> (<A
CLASS="linkend"
HREF="ch22_07.htm"
TITLE="Using chmod to Change File Permission "
>22.7</A
>)</SPAN
>
to fix permissions of existing directories.
Or, you may be able to leave the directory writable and
<SPAN
CLASS="link"
>set the directory's sticky bit (<A
CLASS="linkend"
HREF="ch22_06.htm"
TITLE="Protecting Files with the Sticky Bit "
>22.6</A
>)</SPAN
>.</P
><DIV
CLASS="sect1info"
><P
CLASS="SECT1INFO"
>- <SPAN
CLASS="authorinitials"
>ML</SPAN
></P
></DIV
></DIV
><DIV
CLASS="htmlnav"
><P
></P
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><TABLE
WIDTH="515"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_10.htm"
TITLE="22.10 cx, cw, c-w: Quick File Permission Changes "
><IMG
SRC="gifs/txtpreva.gif"
SRC="gifs/txtpreva.gif"
ALT="Previous: 22.10 cx, cw, c-w: Quick File Permission Changes "
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="book"
HREF="index.htm"
TITLE="UNIX Power Tools"
><IMG
SRC="gifs/txthome.gif"
SRC="gifs/txthome.gif"
ALT="UNIX Power Tools"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
><A
CLASS="SECT1"
HREF="ch22_12.htm"
TITLE="22.12 A Directory that People Can Access but Can't List "
><IMG
SRC="gifs/txtnexta.gif"
SRC="gifs/txtnexta.gif"
ALT="Next: 22.12 A Directory that People Can Access but Can't List "
BORDER="0"></A
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="172"
>22.10 cx, cw, c-w: Quick File Permission Changes </TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="171"
><A
CLASS="index"
HREF="index/idx_0.htm"
TITLE="Book Index"
><IMG
SRC="gifs/index.gif"
SRC="gifs/index.gif"
ALT="Book Index"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="172"
>22.12 A Directory that People Can Access but Can't List </TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="515"
TITLE="footer"><IMG
SRC="gifs/smnavbar.gif"
SRC="gifs/smnavbar.gif"
USEMAP="#map"
BORDER="0"
ALT="The UNIX CD Bookshelf Navigation"><MAP
NAME="map"
><AREA
SHAPE="RECT"
COORDS="0,0,73,21"
HREF="../index.htm"
ALT="The UNIX CD Bookshelf"><AREA
SHAPE="RECT"
COORDS="74,0,163,21"
HREF="index.htm"
ALT="UNIX Power Tools"><AREA
SHAPE="RECT"
COORDS="164,0,257,21"
HREF="../unixnut/index.htm"
ALT="UNIX in a Nutshell"><AREA
SHAPE="RECT"
COORDS="258,0,321,21"
HREF="../vi/index.htm"
ALT="Learning the vi Editor"><AREA
SHAPE="RECT"
COORDS="322,0,378,21"
HREF="../sedawk/index.htm"
ALT="sed &amp; awk"><AREA
SHAPE="RECT"
COORDS="379,0,438,21"
HREF="../ksh/index.htm"
ALT="Learning the Korn Shell"><AREA
SHAPE="RECT"
COORDS="439,0,514,21"
HREF="../lrnunix/index.htm"
ALT="Learning the UNIX Operating System"></MAP
></DIV
></BODY
></HTML
>