Re: Security bug in OS X / Cocoa
- Subject: Re: Security bug in OS X / Cocoa
- From: Michael Scheel <email@hidden>
- Date: Fri, 15 Feb 2002 13:35:33 -0800
This is normal UNIX security; you can try it in Terminal (example below).
You have permission to remove (unlink) files in the directory, including files
left there by someone else (i.e. root). read/write/execute permissions on a
file have nothing to do with "remove" permission.
{~}<user@phoenix>(13:27) mkdir test
{~}<user@phoenix>(13:27) cd test
{~/test}<user@phoenix>(13:27) sudo touch rootfile
{~/test}<user@phoenix>(13:27) sudo chmod 000 rootfile
{~/test}<user@phoenix>(13:27) ls -la
total 0
drwx------ 3 user staff 58 Feb 15 13:27 ./
drwxr-xr-x 63 user staff 2098 Feb 15 13:27 ../
---------- 1 root staff 0 Feb 15 13:27 rootfile
{~/test}<user@phoenix>(13:27) echo hi > rootfile
rootfile: Permission denied.
{~/test}<user@phoenix>(13:28) echo hi >> rootfile
rootfile: Permission denied.
{~/test}<user@phoenix>(13:28) echo hi > myfile
{~/test}<user@phoenix>(13:28) mv -i myfile rootfile
overwrite rootfile? y
{~/test}<user@phoenix>(13:28) ls -al
total 8
drwx------ 4 user staff 92 Feb 15 13:28 ./
drwxr-xr-x 63 user staff 2098 Feb 15 13:27 ../
-rw------- 1 user staff 3 Feb 15 13:28 rootfile
I admit, this behavior from writeToFile:atomically: is a little counter-
intuitive at first (it caught me, too), but it isn't a security violation,
just a quirk.
-Michael Scheel
On Fri, Feb 15, 2002 at 09:46:55AM -0800, email@hidden wrote:
> From: David Feldman <email@hidden>
>
> It looks to me like the writeToFile:atomically: routine can overwrite an
> existing file, regardless of its ownership and permissions, as long as the
> user has write permissions on the directory. Isn't that a little bit of a
> security problem?
--
| Michael Scheel |Network Under Construction Ahead
| UNIX Chaperone |Left Bit Closed
| E Pluribus UNIX |Shift Right
| www.osxtreme.net
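
Added example, not part of the original message and not Cocoa's own code: a Python sketch of the rule shown in the Terminal session, for auditing which files a given user could replace. It goes one step beyond the message by accounting for the sticky bit on the directory; the function names `can_replace`, `atomic_write` and `demo` are made up for this example, ACLs are ignored, and the write-to-temporary-then-rename pattern stands in for an atomic save.

```python
import os
import stat
import tempfile

def can_replace(path, uid, gids=()):
    """True if `uid` may unlink or rename over `path`. Only the parent
    directory's permissions (and its sticky bit) decide this."""
    if uid == 0:
        return True  # superuser bypasses the permission checks
    d = os.stat(os.path.dirname(os.path.abspath(path)))
    f = os.lstat(path)
    # Pick the permission class of the directory that applies to this user.
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if d.st_mode & need != need:
        return False  # no write+search on the directory: cannot unlink
    # Sticky directory: only the file's owner or the directory's owner
    # may remove or rename an entry.
    if d.st_mode & stat.S_ISVTX:
        return uid in (f.st_uid, d.st_uid)
    return True  # the file's own mode bits were never consulted

def atomic_write(path, data):
    """Write a temporary file in the same directory, then rename it over
    the target, as `mv myfile rootfile` does in the session above."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)  # rename(2): needs directory permission only

def demo():
    """Constructed scenario: replace a mode-000 file in our own directory."""
    d = tempfile.mkdtemp()
    target = os.path.join(d, "rootfile")
    open(target, "w").close()
    os.chmod(target, 0o000)
    before = os.lstat(target).st_ino
    atomic_write(target, b"hi\n")
    after = os.lstat(target)
    # A different inode shows the old file was replaced, not written to.
    return before != after.st_ino, stat.S_IMODE(after.st_mode)
```

The replacement file carries the writer's ownership and mode, matching the final `ls -al` in the session, so a shared writable directory that must protect other users' files needs the sticky bit (as `/tmp` has).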