Message-Id: <email address hidden>
Date: Wed, 10 Nov 2004 17:30:13 +0100
From: Michal Zimen <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: libc6: Ordinary user can delete files owned by other user, root files too.
Package: libc6
Version: 2.3.2.ds1-18
Severity: critical
Justification: breaks the whole system
A normal user can delete files which are not owned by him.
Try:
x@y$ cd ~
x@y$ su
x@y# touch XXX
x@y# chmod 700 XXX
x@y# exit
x@y$ rm -f XXX
:) that file is deleted !!!
I tried this problem on other kernels (2.6.8.1, 2.4.26) with the same
result. (file was deleted)
I am sure that the permissions are good, so it should not be deleted.
But it is strange that not every file can be deleted.
For example: at /, /bin ... it is not possible,
but at /usr/bin/, ~/, /tmp it is really possible.
mizu
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-rc1-mm3-mizu
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Versions of packages libc6 depends on:
ii libdb1-compat 2.1.3-7 The Berkeley database routines [gl
-- no debconf information
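
For readers reproducing the steps in the report above, an added example (not part of the original message or of any Debian package): a shell function that reads the metadata POSIX unlink() permission checking is based on, namely the parent directory's mode and owner, plus the file's owner when the directory is sticky. The name `may_unlink` and its simplifications (listed in the comments) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the bug report). Decides from metadata alone whether
# a process with uid $1 and gid $2 may unlink $3. Needs GNU stat (coreutils).
# Simplified: ignores ACLs, supplementary groups, capabilities other than
# "uid 0", immutable flags and search permission on ancestor directories.
may_unlink() {
    uid=$1; gid=$2; path=$3
    dir=$(dirname -- "$path")
    if [ "$uid" -eq 0 ]; then
        echo "yes: uid 0 bypasses directory permission checks"; return 0
    fi
    # Mode (octal), owner and group of the PARENT DIRECTORY.
    set -- $(stat -c '%a %u %g' -- "$dir")
    mode=$((0$1)); d_uid=$2; d_gid=$3
    f_uid=$(stat -c '%u' -- "$path")    # file owner matters only for sticky dirs

    # Pick the permission triplet that applies to this uid/gid.
    if [ "$uid" -eq "$d_uid" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$d_gid" ]; then bits=$(( (mode >> 3) & 7 ))
    else bits=$(( mode & 7 )); fi

    # unlink() needs write (2) and search (1) on the directory.
    if [ $(( bits & 3 )) -ne 3 ]; then
        echo "no: no write+search permission on $dir"; return 1
    fi
    # Sticky bit (01000): only the file owner or directory owner may unlink.
    if [ $(( mode & 01000 )) -ne 0 ] && [ "$uid" -ne "$f_uid" ] \
                                     && [ "$uid" -ne "$d_uid" ]; then
        echo "no: $dir is sticky and uid $uid owns neither it nor the file"
        return 1
    fi
    echo "yes: permissions on $dir allow it (the file's own mode is not consulted)"
    return 0
}

# Usage: sh may_unlink.sh UID GID PATH   (script name is arbitrary)
if [ "$#" -eq 3 ]; then may_unlink "$@"; fi
```

Running it with the uid and gid from `id` and the path from the steps above shows which directory attribute decided the outcome.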