Nasty Security Hole?
Tony Nardo
trn%warper.jhuapl.edu at aplvax.jhuapl.edu
Fri Nov 18 02:30:38 AEST 1988
In article <189 at wyn386.UUCP> mikef at wyn386.UUCP (Mike Faber) writes:
|
|I have wondered something about permissions security for a while, now, too.
|
|Why can a person with read permission only be able to remove the file? For
|example, if I have a file of data (statistical data, for example), and I need
|for any user in my group to read it as input data into their programs, they
|will have read permission to it, but will also be able to remove it (it
|makes sure you want to, but if Mr. Morris' worm had been destructive, he
|could have wiped out anything that he had READ access to!!! Is there a point
|I'm missing (Op systems back in college doesn't cover enough. THere ought to be
|an ethics, or a security chapter in every O/S book.)
A pity the implementers of UNIX didn't borrow one the idea of having a
separate "delete" bit. It's one of a number of DEC features I miss.
==============================================================================
ARPA: trn%warper at aplvax.jhuapl.edu (dumb mailers)
BITNET: trn at warper.jhuapl.edu (also smart APRA mailers)
UUCP: {backbone!}mimsy!aplcomm!warper!trn
"Those who can do, those who can't teach. And those who can't do either
become critics. That's why there's so many of them."
A PORTRAIT OF THE ARTIST AS A YOUNG GOD
==============================================================================
More information about the Comp.unix.wizards
mailing list