Re: can i modify ls
From: Denis Vlasenko
Date: Thu Feb 26 2004 - 16:16:14 EST
On Tuesday 24 February 2004 20:44, Richard B. Johnson wrote:
> On Tue, 24 Feb 2004, Tomas Szepe wrote:
> > On Feb-24 2004, Tue, 11:44 -0500
> >
> > Richard B. Johnson <root@xxxxxxxxxxxxxxxxxx> wrote:
> > > On Tue, 24 Feb 2004, Tomas Szepe wrote:
> > > > On Feb-24 2004, Tue, 15:55 +0000
> > > >
> > > > Alessandro Salvatori <a.salvatori@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> > > > > it's quite interesting...
> > > >
> > > > Actually, it's not.
> > > >
> > > > 1) The presence/absence of the read permission on a directory
> > > > determines whether the user will be able to list the directory's
> > > > contents.
> > > >
> > > > 2) The fs permission model is enforced by the kernel. Trying to
> > > > impose additional restrictions in userspace is fragile, futile and an
> > > > incredibly stupid idea.
> > >
> > > If you don't have any programming tools and no access to any (like
> > > a banking or restrictive office environment), and there is no
> > > way to get any external executable files to run, i.e., no floppy
> > > or no shell that could possibly access one, then writing a minimal
> > > 'ls' program that allows the clerk to see what's in her directory
> > > might be useful.
> >
> > So what is it exactly that prevents the admin from running /bin/chmod
> > in the setup you're describing?
>
> No such program. FYI, there are lots of systems where the root file-system
> has a very limited set of tools, sometimes it's on NFS. The machine needs
> to be booted with a different root for maintenance. This is even
> commonplace for store cash-register, and resturant menu setups
> where there is a "server" in the back room that needs to be restarted
> in a maintenance mode, been that way since DOS 3.0. A system is
> secure if (1) there are no tools available to harm it, and (2) if
> the box that contains additional tools is (physically) locked up.
Yes.
But if user has sh, cat and single writable location,
he can just type in any ELF executable, provided (s)he
is clever/mad enough.
That is the exact reason why I abolished [/usr]/sbin
silliness on all my boxen long ago. Copied everything
into corresponding bin/ and chmod'ed a+rx.
I keep symlinks (sbin -> bin) just in case some silly
script expects them to exist.
--
vda
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/