Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!purdue!decwrl!sun!quintus!ok
From: ok@quintus.uucp (Richard A. O'Keefe)
Newsgroups: comp.unix.wizards
Subject: Re: rm etc. (was: Nasty Security Hole?)
Message-ID: <783@quintus.UUCP>
Date: 30 Nov 88 14:54:24 GMT
References: <175@ernie.NECAM.COM> <189@wyn386.UUCP> <8910@smoke.BRL.MIL> <118@hudson.Morgan.COM> <8941@smoke.BRL.MIL> <480@auspex.UUCP> <8956@smoke.BRL.MIL> <730@quintus.UUCP> <13193@ncoast.UUCP>
Sender: news@quintus.UUCP
Reply-To: ok@quintus.UUCP (Richard A. O'Keefe)
Distribution: na
Organization: Quintus Computer Systems, Inc.
Lines: 26

In article <13193@ncoast.UUCP> allbery@ncoast.UUCP (Brandon S. Allbery) writes:
>As quoted from <730@quintus.UUCP> by ok@quintus.uucp (Richard A. O'Keefe):
>| % att rm zabbo
>| zabbo: 0 mode ? n
>| % bsd rm zabbo
>| rm: override protection 0 for zabbo? n
>If UUNET is any guide, V.2 on Sequents isn't.
>    $ >foo ; chmod 0 foo ; rm foo
>    rm: remove foo? n
>
>I've seen the above on quite a few systems of V.2, V.3, and Xenix 5.x
>persuasions.

UNIX System V/386 Release 3.0 80386
says
    foo: 0 mode ?
just like the Sequent.  There is more reason to doubt UUNET:
the SVID clearly and explicitly states in RM(BU_CMD) that
    If a file has no write permission and the standard input
    is a terminal, its [presumably the file's] permissions
    are printed and a line is read from the standard input.
Something which purports to be V.2 "rm" ought to obey the SVID and
print the permissions *somehow* (though the SVID doesn't specify a format).

Internationalisation will be a great opportunity to tidy this up.