50.9. A Loophole: Modifying Files Without Write Access

No one said that Unix is perfect (Section 1.20), and one of its nagging problems has always been security. Here's one glitch that you should be aware of.

If you don't have write access to a file, you can't modify it. However, if you have write access to the directory that holds it, you can get around this as follows:

    % ls -l unwritable
    -r--r--r--  1 john         334 Mar 30 14:57 unwritable
    % cat > unwritable
    unwritable: permission denied
    % cat unwritable > temp
    % vi temp
       ...
    % mv temp unwritable
    override protection 444 for unwritable? y
    % cat unwritable
    John wrote this originally, and made the file read-only.
    But then Mike came along and wrote:
    I should not have been able to do this!!!

I couldn't write the file unwritable directly. But I was able to copy it, and then use vi to make whatever changes I wanted. After all, I had read access, and to copy a file you only need to be able to read it. Once I had my own copy, I could (of course) edit it to my heart's content. When I was done, I was able to mv the new file on top of unwritable. Why? Renaming a file only changes a directory entry, so it requires only that you be able to write (and search) the file's directory. You don't need to be able to write the file itself; its permission bits are never consulted. The "override protection 444" question is just mv being polite because the target isn't writable and it is talking to a terminal; mv -f doesn't ask at all. (Note that cp wouldn't work -- copying requires unwritable to be writable, if it already exists, because cp opens the existing file and writes into it rather than replacing the directory entry.)

Two things are worth noticing about the result. The replacement file is now owned by Mike, with whatever permissions his umask gave temp, and John's original inode is simply gone. And the same directory write access that allows the rename also allows rm, so a file in such a directory can be deleted or replaced outright even by someone who cannot read it.

This is one reason to watch directory access fairly closely. As you can see, allowing directory-write access to others can be dangerous. If this is a problem for you, solve it by setting your umask (Section 49.4) correctly and using chmod (Section 50.5) to fix permissions of existing directories. Or you may be able to leave the directory writable and set the directory's sticky bit (Section 50.4): in a sticky directory, only a file's owner, the directory's owner, and the superuser may rename or remove a file, which is why /tmp is normally set that way.

-- ML

Copyright © 2003 O'Reilly & Associates. All rights reserved.
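The loophole and both fixes, as a runnable script added here (it is not code from the book). It assumes a POSIX sh with mktemp -d, ls -i, awk and cut, and works entirely inside a scratch directory it creates; the file names unwritable and temp are borrowed from the session above. Because a single account owns everything it touches, the script shows the rename succeeding and the directory check flipping, not a permission denial, which needs a second user.

```shell
#!/bin/sh
# Added example (not from Unix Power Tools): reproduce the directory-write
# loophole in a scratch directory, then apply the two fixes the text names.
# Assumes a POSIX sh with mktemp -d, ls -i, awk and cut; all paths are local
# to a temporary directory created by setup().

# Create a scratch directory holding a read-only file owned by the current
# user, standing in for John's file.
setup() {
    WORK=$(mktemp -d)
    cd "$WORK" || exit 1
    printf '%s\n' 'John wrote this originally, and made the file read-only.' > unwritable
    chmod 444 unwritable
}

# Print the inode number of a file. POSIX ls -i works on GNU and BSD.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# The loophole: copy (needs only read access on the file), change the copy,
# then rename the copy over the original (needs only write and search access
# on the directory). Succeeds when the name now refers to a different inode.
replace_via_rename() {
    orig_inode=$(inode_of unwritable)
    cat unwritable > temp
    printf '%s\n' 'But then Mike came along and wrote:' \
        'I should not have been able to do this!!!' >> temp
    mv -f temp unwritable      # -f skips the "override protection 444?" prompt
    new_inode=$(inode_of unwritable)
    [ "$orig_inode" != "$new_inode" ]
}

# Does this directory let a non-owner pull the trick? True when the mode
# string from ls -ld shows group or world write and no sticky bit.
dir_allows_replace() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        *[tT])                  return 1 ;;  # sticky: rename/unlink limited to owners and root
        d????w????|d???????w?)  return 0 ;;  # group- or world-writable, no sticky bit
        *)                      return 1 ;;
    esac
}

demo() {
    setup
    chmod 777 .                # the dangerous configuration
    if dir_allows_replace .; then
        echo "directory exposed: $(ls -ld . | cut -c1-10)"
    fi
    if replace_via_rename; then
        echo "replaced the read-only file; new copy is owned by $(id -un)"
        cat unwritable
    fi
    chmod 755 .                # fix 1: no group/other write on the directory
    if ! dir_allows_replace .; then
        echo "after chmod 755: not exposed"
    fi
    chmod 1777 .               # fix 2: keep it writable, add the sticky bit
    if ! dir_allows_replace .; then
        echo "after chmod 1777: not exposed (sticky bit)"
    fi
    cd / && rm -rf "$WORK"
}

demo
```

The inode comparison is the tell: a genuine edit keeps the inode, while the rename trick swaps in a new one, so comparing ls -i output before and after is a quick way to notice that a "read-only" file was replaced rather than written. The mode-string check in dir_allows_replace is what to run over the directories you care about; any hit without the sticky bit is a candidate for chmod.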