Comment 6 for bug 10192

Message-ID: <004501c4c746$ce4b8370$01001eac@Wizard>
Date: Wed, 10 Nov 2004 18:00:25 +0100
From: "Roxik" <email address hidden>
To: "Michal Zimen" <email address hidden>, <email address hidden>
Subject: Re: Bug#280632: libc6: Ordinary user can delete files owned by other user,
 root files too.

> normal user can delete files, which is not owned by him.
>
> try:
> x@y$ cd ~
> x@y$ su
> x@y# touch XXX
> x@y# chmod 700 XXX
> x@y# exit
> x@y$ rm -f XXX
> :) that file is deleted !!!
Yeah... But what owner of this file is ??

Look:
SRV:/home/ftp# ls -la
-rw------- 1 root root 166 2004-05-12 15:07 welcome.msg

wiesiek@SRV:~$ rm -f welcome.msg
rm: cannot remove `welcome.msg': Permission denied

>
> for example: at /, /bin ..it is not possible,
> but at: /usr/bin/, ~/, /tmp it is really possible.
Yeap.. because is owned as root, not x account in your example.

I never had any problems with remove non-owned files.
I sugest read manual of LS command :)

--
I greet
Wieslaw

----------------------------------------------------------------------
Startuj z INTERIA.PL!!! >>> http://link.interia.pl/f1837