[SOLVED] What Risk Does World Writable Executable File Owned by Root Pose?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
What Risk Does World Writable Executable File Owned by Root Pose?
Hi
I have some questions on UNIX. Grateful if anyone can help.
If the 'OTHERS' category or WORLD can write to a directory that contains a WORLD writable, readable and executable file owned by root (-rwxrwxrwx), can a user of the system plant a Trojan Horse (malicious script) and execute it?
If he can execute the script, would the script run with permissions of the root user or the permissions of the user?
If the script can only run with the permissions of the user, can the user make changes such that the script can run wth root privilege such that system integrity can be compromised?
I have some questions on UNIX. Grateful if anyone can help.
If the 'OTHERS' category or WORLD can write to a directory that contains a WORLD writable, readable and executable file owned by root (-rwxrwxrwx), can a user of the system plant a Trojan Horse (malicious script) and execute it?
Well. The user will be able to edit the file, but, since the script will run under the effective UID of the current -unprivileged- user, it can only do the things the user would be able to do, and nothing else. So, the user can't just modify the script to run something like "cp -R /root/* $HOME" and run it to fetch the root files. However, this is still a very high risk unless you truly trust your user(s) for the reason I will explain below.
Quote:
If he can execute the script, would the script run with permissions of the root user or the permissions of the user?
Already cleared that out above. The script will run with the UID of the current user, with independence of the owner.
Quote:
If the script can only run with the permissions of the user, can the user make changes such that the script can run wth root privilege such that system integrity can be compromised?
Not easily, but as said above, the user won't be able to do what I said above (just an example), but s/he can still modify the file, and wait for you (the root user) to innocently run the modified script. And this time, he might be able to do the bad thing. This will be worse if there are lots of users with different degrees of power in your system.
Note that this is just an example. The user might be able to attack in some other ways. For example, if he's in the apache groups he could inject some php code to do some harm if there's a vulnerability. Again, a random example, any daemon could be susceptible from this kind of attack. Another thing to worry about is your sudo configuration.
If the 'OTHERS' category or WORLD can write to a directory
May be a sticky directory as /tmp
Quote:
If the 'OTHERS' category or WORLD can write to a directory that contains a WORLD writable, readable and executable file owned by root (-rwxrwxrwx), can a user of the system plant a Trojan Horse (malicious script) and execute it?
Yes, he can execute it, but it depend upon how the other user has permsions on the files that affects by the executable script because the script is owned by root not by the user..
Quote:
If he can execute the script, would the script run with permissions of the root user or the permissions of the user?
It will run on the permission of the user, not root.
Quote:
If the script can only run with the permissions of the user, can the user make changes such that the script can run wth root privilege such that system integrity can be compromised?
As I said if the directory is a sticky directory, you cant do any kind of modification to the file. If not a sticky direcory unless the executable has suid applied, you cant run it with root previleges..
Last edited by divyashree; 05-31-2011 at 04:30 AM.
the worst case I can think of is that a user modifies a program or script (which he/she can do because of the global writing-permissions), but root does not know about the changes and runs the script with root-permissions. Example: if a normal user has write permissions to the /sbin directory, he may replace the rm command with a modified version which by default runs with the -rf option.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.