Small security bug with misconfigured access rights

Giuliano Pochini (pochini@shiny.it)
Wed, 28 Nov 2001 16:39:16 +0100 (CET)


Well, I don't know if it is really a bug.

Create a directory like this:

# ls -la
total 12
drwxr-sr-x 2 pochini root 4096 Nov 28 16:33 .
drwxr-xr-x 32 pochini users 8192 Nov 28 16:25 ..

Sgid bit is set and the directory is owned by me and the
group is root (yes, it shouldn't be).

When I create a file here, it gets the root group even
if I don't belong to it.

[kernel 2.4.5]

Bye.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/