Joey Hess <joeyh@xxxxxxxxxx> wrote:

>> ... really dumb idea to have a group/world-writeable directory
>> without the sticky bit.
>
> It may be really dumb, but it's pretty common practice too. ...
> Just a few examples within the Debian project ...

Kindly add the Debian example:

psz@pisa:/usr/local$ ls -ld .
drwxrwsr-x 10 root staff 4096 Nov 13 2002 .

For Debian this is "mandated by policy":

> The Debian Policy Manual [1] says:
>
>   ... /usr/local take precedence over the equivalents in /usr.
>   ... should have permissions 2775 and be owned by root.staff.
>
> but it [2] also says:
>
>   ... make sure that [it] is secure ...
>   Files should be owned by root.root ... mode 644 or 755.
>   Directories should be mode 755 or 2775 ... owned by the group that needs
>   write access to it.
>
> ...
> References:
>
> [1] http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.1.2
> [2] http://www.debian.org/doc/debian-policy/ch-files.html#s10.9

(please see http://bugs.debian.org/299007 for more details).

> (gzip is not typically run in any of these directories AFAIK, FWIW).

Typically? Suppose I (as simple user psz) do

  cd $HOME; touch xyz; chmod 666 xyz; gzip xyz

and tell my system manager that I have problems with that gzipped file.
While root is running "gunzip ~psz/xyz" I do

  rm xyz; ln /etc/passwd xyz

then we end up with /etc/passwd world-writable. (Bzip uses chown also, so
using bzip2/bunzip would get /etc/passwd owned by psz; am not sure about
gzip or cpio.)

Cheers,

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia
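
Added example, not part of the original message and not gzip's or bzip2's own code: the race described above depends on a permission change being applied by path name after the output has been written. The sketch below applies the mode to the open descriptor instead; `write_output_safely` and the scratch path are hypothetical names chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, fchmod, mkdtemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (added example, not gzip's code): create `path`,
 * write `len` bytes, then set `mode`. Returns 0 on success, -1 on failure. */
int write_output_safely(const char *path, const void *data, size_t len, mode_t mode)
{
    struct stat st;
    /* O_EXCL refuses any pre-existing name; 0600 keeps others out meanwhile. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len)
        goto fail;
    /* Check the object we hold open, not whatever the name refers to now. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink > 1)
        goto fail;
    /* fchmod() follows the descriptor; chmod(path, mode) would follow the
     * name, which may by now be a link to some other file. */
    if (fchmod(fd, mode & 0777) != 0)
        goto fail;
    return close(fd);
fail:
    close(fd);
    return -1;
}

int main(void)
{
    char path[64] = "/tmp/safe_out_XXXXXX"; /* constructed scratch directory */
    if (mkdtemp(path) == NULL)
        return 1;
    strcat(path, "/xyz");
    int rc = write_output_safely(path, "hello\n", 6, 0644);
    printf("%s -> %d\n", path, rc);
    return rc == 0 ? 0 : 1;
}
```

The same reasoning applies to ownership changes: `fchown()` on the descriptor rather than `chown()` on the name.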