[ale] file and directory permission security

Dow Hurst dhurst at kennesaw.edu
Wed Jul 10 21:17:45 EDT 2002 

Should've included the link.  Here it is:
http://www-acs.ucsd.edu/offerings/userhelp/HTML/permissions,d.html

Dow Hurst wrote:

> Here is a blurb taken from a page on file and directory security that 
> talks about what I remembered reading somewhere.  It isn't as bad as I 
> thought but could be a problem if you weren't careful setting permissions:
> BEGIN-----------------------------
>
>> Giving "others" execute permission on your home directory allows other
>> users on the machine the ability to "cd" to your home directory and
>> pass through it on the way to lower subdirectories (such as
>> public_html).  Without "read" permission on the directory, however,
>> they cannot directly obtain a listing of its contents.  But there's a
>> catch: if an outside user already knows the name of a file in the 
>> directory
>> AND read permission is given for others on that file, they will be
>> able to view the contents of the file.
>>
> END----------------------------------
>
>
> Dow Hurst wrote:
>
>> At the last ALE-NW meeting, I said based on my memory of something I 
>> thought I had read that you could have a world readable file in a 
>> non-world readable directory and if another user knew the exact path 
>> and filename that they could read the file.  Geoffrey tried it out 
>> and found I was wrong.  Now, is there a way to have limited 
>> permissions on a directory for groups or world and yet still have a 
>> security hole where they could operate on a file within that 
>> directory that has permissions allowing their access?  I've been busy 
>> and haven't had much time to go searching for where I thought I saw 
>> the exploit but I didn't want to let this go any longer.  Any comments?
>>
>> Here is what Geoffrey tried and sent me in his words:
>>
>> BEGIN----------------------------------
>> I want to make sure that I understood what you said last night 
>> regarding file/dir perms.  Correct me if I'm wrong, but you said that 
>> if you did not have permissions to search a directory, you could 
>> still view files in that directory if the file perms permitted such 
>> AND you know the full path to the file?
>>
>> Here's my example:
>>
>> $ ls -la  foo
>>
>> total 36
>> drwx------    2 esoteric esoteric     4096 Jun 21 14:51 ./
>> drwx------  254 esoteric esoteric    28672 Jun 21 14:55 ../
>> -rw-r--r--    1 esoteric esoteric        7 Jun 21 14:51 bar
>>
>> $ cat foo/bar
>> foobar
>>
>> $ chmod 666 foo
>>
>> $ ls -ld foo
>> drw-rw-rw-    2 esoteric esoteric     4096 Jun 21 14:51 foo/
>>
>> $ cat foo/bar
>> cat: foo/bar: Permission denied
>>
>> Now the interesting thing is, it appears that 'cat' acknowledges the 
>> file existence with the error message.  Because it appears to be 
>> telling me I don't have permissions to read the file foo/bar.  But if 
>> I try to list a non-existent file in the same way:
>>
>>
>> $ cat foo/barr
>> cat: foo/barr: Permission denied
>>
>> I get the same error.  Just the same, it does appear that you can not 
>> read the file contents if you don't have search perms on the 
>> directory where the file resides.
>>
>> In reality, I would expect the error message to say:
>>
>> cat: foo: directory access denied
>>
>> Or something along those lines.
>> END------------------------------
>>
>>
>> ---
>> This message has been sent through the ALE general discussion list.
>> See http://www.ale.org/mailing-lists.shtml for more info. Problems 
>> should be sent to listmaster at ale dot org.
>>
>>
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems 
> should be sent to listmaster at ale dot org.
>
>


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list