[983] in linux-security and linux-alert archive
[linux-security] Test squad results on group rights denial
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Tue Jul 30 12:08:29 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Tue, 30 Jul 1996 09:27:53 +0200 (MET DST)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)

I've got several replies back from the test squad now.

The question was: Can we find OSes where you cannot get less rights than
"other" if you're in the group.....

The test squad so far has access to the following OSes:

Linux (Slackware 3.0) 2.0.9
Linux (Slackware 2.0 w/mods) 1.2.13
Linux (Slackware 2.3) 2.0.8
Linux (Slackware 3.0) 2.0.7
Linux (Slackware ??) 1.2.8
Linux (Debian 1.1) 2.0.8
Linux (RedHat 3.0.3) 2.0.0
Linux (Redhat ??) ????
Linux (custom) 2.0.8
Linux (???) 1.3.80, ext2fs
AIX 2.3
BSDI 2.0
HPUX 9.05
HPUX 10.10
HPUX 10.01
Irix 5.3
Irix 6.2
OSF1 3.2
OSF1 3.2d
SunOS 4.1.3
SunOS 4.1.4
Solaris 2.3 (SunOS 5.3)
Solaris 2.4 (SunOS 5.4)
Solaris 2.5 (SunOS 5.5)
VMS 5.5-1

On most OSes it seems that you are able to revoke rights by putting
someone in a group, and revoking group rights. I got reports about
NOT being able to revoke "other" rights using the group bits for the
following OSes:

HPUX 10.01, Irix 5.3 and Linux 1.2.8.

I verified HPUX versions 9.05 and 10.10 myself, and WAS able to revoke
rights. Others have been able to do that for Linux and Irix. For Linux
it might be filesystem dependent. Ext2fs will handle this properly.

The test squad ran 30 tests, of which 3 turned out questionable.

The original report from Daniel Roedding (daniel@fiction.pb.owl.de)
that it didn't work on an old dynix system still stands.

Roger.
--
/* EMail: R.E.Wolff@BitWizard.nl */ int main (int argc,char**argv){
/* Tel: +31-15-2137459 */ if (*++argv&&!strcmp(*argv,"-advice"))
/* WWW: http://www.BitWizard.nl/ */ {printf("Don't Panic!\n");exit(42);}}
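
An added example, not part of the original message: a small C model of the permission check being tested, showing why a mode such as 0604 denies a group member on a first-match system but not on one where the "other" bits still apply. The structs, function names and ids are constructed for illustration, and the fall-through variant is an assumption about what a questionable result would look like, not something the message confirms; superuser override is not modelled.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
enum { WANT_X = 1, WANT_W = 2, WANT_R = 4 };

/* Constructed models (not kernel structures): file metadata and caller identity. */
struct file_perm { uid_t uid; gid_t gid; unsigned mode; };
struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };

static int in_group(const struct cred *c, gid_t gid) {
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return 1;
    return 0;
}

/* Classic check: the first matching class (owner, group, other) decides alone. */
int access_first_match(const struct file_perm *f, const struct cred *c, unsigned want) {
    unsigned bits;
    if (c->uid == f->uid)         bits = (f->mode >> 6) & 7;
    else if (in_group(c, f->gid)) bits = (f->mode >> 3) & 7;
    else                          bits = f->mode & 7;
    return (bits & want) == want;
}

/* Assumed fall-through variant: every matching class may grant the right. */
int access_fall_through(const struct file_perm *f, const struct cred *c, unsigned want) {
    unsigned bits = f->mode & 7;
    if (c->uid == f->uid)    bits |= (f->mode >> 6) & 7;
    if (in_group(c, f->gid)) bits |= (f->mode >> 3) & 7;
    return (bits & want) == want;
}

typedef int (*access_fn)(const struct file_perm *, const struct cred *, unsigned);

/* 1 if a group member is denied read on a mode-0604 file while an outsider is allowed. */
int group_denial_works(access_fn check) {
    static const gid_t member_groups[] = { 100, 500 };   /* constructed ids */
    static const gid_t outsider_groups[] = { 100 };
    struct file_perm f = { 1000, 500, 0604 };            /* rw----r--, owner 1000, group 500 */
    struct cred member = { 1001, member_groups, 2 };
    struct cred outsider = { 1002, outsider_groups, 1 };
    return !check(&f, &member, WANT_R) && check(&f, &outsider, WANT_R);
}

int main(void) {
    printf("first-match:  group denial %s\n", group_denial_works(access_first_match) ? "works" : "fails");
    printf("fall-through: group denial %s\n", group_denial_works(access_fall_through) ? "works" : "fails");
    return 0;
}
```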