negative group permissions?
jb
jb.1234abcd at gmail.com
Wed Feb 29 16:18:59 UTC 2012
Ian Lepore <freebsd <at> damnhippie.dyndns.org> writes:
> ...
> It's not a
> directory or executable file in the first place, so making it executable
> for everyone except the owner and group is not some sort of subtle
> security trick, it's just meaningless.
> ...
Is it meaningless ?
Example:
# cat /var/spool/output/lpd/.seq
#! /usr/local/bin/bash
touch /tmp/jb-test-`echo $$`
# ls -al /var/spool/output/lpd/.seq
-rw-r----x 1 root daemon 54 Feb 29 17:05 /var/spool/output/lpd/.seq
# /var/spool/output/lpd/.seq
#
# ls /tmp/jb*
/tmp/jb-test-61789
# chmod 0640 /var/spool/output/lpd/.seq
# ls -al /var/spool/output/lpd/.seq
-rw-r----- 1 root daemon 52 Feb 29 17:11 /var/spool/output/lpd/.seq
# /var/spool/output/lpd/.seq
su: /var/spool/output/lpd/.seq: Permission denied
#
jb
More information about the freebsd-current
mailing list