Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Re: Security bug in OS X / Cocoa

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security bug in OS X / Cocoa

Subject: Re: Security bug in OS X / Cocoa
From: Ondra Cada <email@hidden>
Date: Sat, 16 Feb 2002 00:14:25 +0100

David,

>>>>>> David Feldman (DF) wrote at Fri, 15 Feb 2002 12:41:34 -0500:
DF> It looks to me like the writeToFile:atomically: routine can overwrite an
DF> existing file, regardless of its ownership and permissions, as long as
DF> the user has write permissions on the directory. Isn't that a little bit
DF> of a security problem?

Nope, this is a common misunderstading!

If a file has not "w" for you, you can't _modify its contents_. That has
*NOTHING* to do with removing it (=replacing it by another one).

Actually, not to be able to remove a file,
- either you might not have the "w" bot on the _FOLDER_ where the file lays
(since removing a file is a _change_ of its _folder_);
- or you might not be the owner of the file in a folder with "sticky" bit
("man sticky" for details).
---
Ondra Cada
OCSoftware: email@hidden http://www.ocs.cz
2K Development: email@hidden http://www.2kdevelopment.cz
private email@hidden http://www.ocs.cz/oc
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.

References:
	>Security bug in OS X / Cocoa (From: David Feldman <email@hidden>)

Prev by Date: Re: what's an NSZone?
Next by Date: Re: what's an NSZone?
Previous by thread: Security bug in OS X / Cocoa
Next by thread: Re: Security bug in OS X / Cocoa (NOT!)
Index(es):
- Date
- Thread