Bug#425374: marked as done (base: writing in write protected files)

Mon, 21 May 2007 03:42:20 -0700 

Your message dated Mon, 21 May 2007 12:37:30 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#425374: base: writing in write protected files
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: base
Severity: critical
Tags: security
Justification: root security hole

 made a file write protected. See this:

 katzes:/etc# ls -al resolv.conf
 -r--r--r-- 1 root root 51 2007-05-21 11:39 resolv.conf


 It has this content: 

 GNU nano 2.0.2                             Datei: resolv.conf

 nameserver 194.97.173.125
 nameserver 192.168.1.254


 Then I changed the content: 

   GNU nano 2.0.2                             Datei: resolv.conf

   nameserver 194.97.173.125
   nameserver 192.168.1.254
   #comment

                                                       [ 3 Zeilen
                                                       geschrieben ]


                                                       ("3 Zeilen
                                                       geschrieben"
                                                       means "3 lines
                                                       written")


                                                       The file was
                                                       changed allthough
                                                       it is still read
                                                       only:

                                                       katzes:/etc# ls
                                                       -al resolv.conf
                                                       -r--r--r-- 1 root
                                                       root 60
                                                       2007-05-21 11:42
                                                       resolv.conf


                                                       This is bad. A
                                                       write protected
                                                       file should not
                                                       be writable,
                                                       under no
                                                       circumstances!



                                                       :quit





                                                       _:quit


                                                        

:quit


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-3-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

--- End Message ---
--- Begin Message --- 
Juergen Katins wrote:
> This is bad. A write protected file should not be writable, under no
> circumstances!

The situation is this: 

- You are root
- The file belongs to root

No matter what the permissions are, you can do anything you want with
the file, because it belongs to you.

This is not a bug, it's a feature. So I am closing this bug report.

-- 
  ยท''`.             If I can't dance to it, it's not my revolution
 : :' :                                            -- Emma Goldman
 `. `'           Proudly running Debian GNU/Linux (unstable)
   `-     www.amayita.com  www.malapecora.com  www.chicasduras.com

--- End Message ---

Reply via email to