[ale] file and directory permission security

Michael Hirsch mhirsch at nubridges.com
Thu Jul 11 08:54:18 EDT 2002


Try setting the permissions of foo to 111.  The problem is that to
access the files in a directory you need execute permission on the dir. 
To list the directory you need read permission.  Since 666 only gives
read permission, you can look at the filenames, but you can't access the
files at all.  With 111 permission you won't be able to see the
filenames, but you'll be able to access them if you already know the
name.

--Michael

On Wed, 2002-07-10 at 20:51, Dow Hurst wrote:
> At the last ALE-NW meeting, I said based on my memory of something I 
> thought I had read that you could have a world readable file in a 
> non-world readable directory and if another user knew the exact path and 
> filename that they could read the file.  Geoffrey tried it out and found 
> I was wrong.  Now, is there a way to have limited permissions on a 
> directory for groups or world and yet still have a security hole where 
> they could operate on a file within that directory that has permissions 
> allowing their access?  I've been busy and haven't had much time to go 
> searching for where I thought I saw the exploit but I didn't want to let 
> this go any longer.  Any comments?
> 
> Here is what Geoffrey tried and sent me in his words:
> 
> BEGIN----------------------------------
> I want to make sure that I understood what you said last night regarding 
> file/dir perms.  Correct me if I'm wrong, but you said that if you did 
> not have permissions to search a directory, you could still view files 
> in that directory if the file perms permitted such AND you know the full 
> path to the file?
> 
> Here's my example:
> 
> $ ls -la  foo
> 
> total 36
> drwx------    2 esoteric esoteric     4096 Jun 21 14:51 ./
> drwx------  254 esoteric esoteric    28672 Jun 21 14:55 ../
> -rw-r--r--    1 esoteric esoteric        7 Jun 21 14:51 bar
> 
> $ cat foo/bar
> foobar
> 
> $ chmod 666 foo
> 
> $ ls -ld foo
> drw-rw-rw-    2 esoteric esoteric     4096 Jun 21 14:51 foo/
> 
> $ cat foo/bar
> cat: foo/bar: Permission denied
> 
> Now the interesting thing is, it appears that 'cat' acknowledges the 
> file existence with the error message.  Because it appears to be telling 
> me I don't have permissions to read the file foo/bar.  But if I try to 
> list a non-existent file in the same way:
> 
> 
> $ cat foo/barr
> cat: foo/barr: Permission denied
> 
> I get the same error.  Just the same, it does appear that you cannot 
> read the file contents if you don't have search perms on the directory 
> where the file resides.
> 
> In reality, I would expect the error message to say:
> 
> cat: foo: directory access denied
> 
> Or something along those lines.
> END------------------------------
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 
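Added example, not part of the original thread: a Python script that repeats Geoffrey's experiment in a scratch directory and records, for each of the directory modes discussed (700, 666, 111), whether the directory can be listed, whether the known file foo/bar can be opened, and what error a non-existent foo/barr produces. It assumes POSIX/Linux permission semantics. If it is run as root it temporarily switches its effective uid to "nobody" (uid 65534 assumed as a fallback) before probing, because root bypasses the discretionary access checks and would otherwise see every operation succeed.

```python
import errno
import os
import pwd
import shutil
import tempfile
from contextlib import contextmanager

# Added example (not from the thread): recreate the foo/bar experiment in a
# scratch directory and record the outcome of each operation per directory mode.


def unprivileged_uid():
    """Non-root uid to probe as: 'nobody' if it exists, else 65534 (assumed)."""
    try:
        return pwd.getpwnam("nobody").pw_uid
    except KeyError:
        return 65534


@contextmanager
def as_unprivileged(uid):
    """Root bypasses DAC (CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH), so when we
    are root, switch the effective uid to 'uid' for the duration of the probe."""
    if os.geteuid() != 0:
        yield
        return
    os.seteuid(uid)
    try:
        yield
    finally:
        os.seteuid(0)


def attempt(fn):
    """Run fn(); return 'ok' or the errno name (EACCES, ENOENT, ...) it failed with."""
    try:
        fn()
        return "ok"
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))


def probe(dirpath, present, missing):
    """(list directory, open existing file, open missing file) as the current euid."""
    return (
        attempt(lambda: os.listdir(dirpath)),
        attempt(lambda: open(os.path.join(dirpath, present), "rb").close()),
        attempt(lambda: open(os.path.join(dirpath, missing), "rb").close()),
    )


def run_experiment(modes=(0o700, 0o666, 0o111), uid=None):
    """Return {mode: (ls foo, cat foo/bar, cat foo/barr)} for a scratch foo/ dir."""
    if uid is None:
        uid = unprivileged_uid()
    scratch = tempfile.mkdtemp(prefix="permdemo-")
    foo = os.path.join(scratch, "foo")
    try:
        os.mkdir(foo, 0o700)
        with open(os.path.join(foo, "bar"), "w") as f:
            f.write("foobar\n")
        if os.geteuid() == 0:
            # Let 'uid' traverse the scratch dir and own foo/ and bar, as esoteric did.
            os.chmod(scratch, 0o711)
            os.chown(foo, uid, -1)
            os.chown(os.path.join(foo, "bar"), uid, -1)
        results = {}
        for mode in modes:
            os.chmod(foo, mode)  # done as owner or root, so it always succeeds
            with as_unprivileged(uid):
                results[mode] = probe(foo, "bar", "barr")
        return results
    finally:
        if os.path.isdir(foo):
            os.chmod(foo, 0o700)  # restore read+search so rmtree can clean up
        shutil.rmtree(scratch)


if __name__ == "__main__":
    for mode, (lst, read, missing) in run_experiment().items():
        print(f"chmod {mode:o} foo: ls -> {lst:7} cat foo/bar -> {read:7} "
              f"cat foo/barr -> {missing}")
```

With 666 the listing succeeds but both opens fail with EACCES, including the one for the name that does not exist; with 111 the listing fails with EACCES while foo/bar opens and foo/barr fails with ENOENT. That is the behaviour Geoffrey noticed: without search permission on the directory, path resolution stops at foo and the error does not reveal whether the final component exists.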


