How can UNIX access control lead to a compromise?
My system administrator advised me to be careful when setting access control on files and directories. He gave me an example and I got confused; here it is:
A file with protection mode 644 (octal) contained in a directory with protection mode 730.
So it means:
- File: 110 100 100 (owner, group, other: rw- r-- r--)
- Directory: 111 011 000 (owner, group, other: rwx -wx ---)
How can the file be compromised in this case?
It depends on what you mean by 'compromise' and it depends on who belongs to the group.
The directory permissions are critical. Since members of the group can access the directory ('x') and can modify the directory ('w'), even though they cannot list the directory (no 'r'), it means that if a member of the group knows the name of the file, that person can also remove it because removing a file requires permission to write to the directory - the file permissions are immaterial (even though commands such as 'rm' let you know when you don't have write permission on the file, that is a courtesy, because it doesn't matter to the 'unlink()' system call).
So, a member of your group (or, more precisely, a member of the group to which the directory belongs) can remove the file if they know its name. They can also read the file if they know its name, and they can create a file of the same name if the original is already missing. It appears from the file permissions that being able to read the file is not a compromise - you would have denied group read access (and public read access) if that mattered.
Note that although your group members cannot modify the file, because they can delete the file and create a new one with the same name, the result is basically the same as being able to modify the file. One key difference is that you'd know which user did the mischief because that user would own the file. (Well, someone with access to that user ID did the mischief.)
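The reasoning in this answer can be turned into a small audit check. The following is an added example (not part of the original question or answers): it derives, from a file's mode and its parent directory's mode, what each permission class can actually do, and flags the mismatch described above, a class that cannot write the file but can unlink it and create a replacement. It goes slightly beyond the question by also honouring the directory sticky bit (0o1000), which restricts unlinking to the file's owner. It assumes the file and directory share the same owner and group, as in the 644/730 example.

```python
import stat

# Permission classes in the order the octal digits appear (e.g. 0o644).
CLASSES = ("owner", "group", "other")
_SHIFT = {"owner": 6, "group": 3, "other": 0}


def _bits(mode, cls):
    """Return (r, w, x) for one class from a mode such as 0o730."""
    s = _SHIFT[cls]
    return bool(mode >> s & 4), bool(mode >> s & 2), bool(mode >> s & 1)


def capabilities(file_mode, dir_mode, cls):
    """What a user in class `cls` can do to a file with mode `file_mode`
    living in a directory with mode `dir_mode`.
    Assumption: the user is in the same class relative to both the file
    and the directory (same owner and group on both)."""
    fr, fw, _ = _bits(file_mode, cls)
    dr, dw, dx = _bits(dir_mode, cls)
    # Without search ('x') on the directory the file cannot be reached at all,
    # regardless of the file's own bits.
    if not dx:
        return {"list_dir": dr, "read": False, "write": False,
                "delete": False, "replace": False}
    # unlink()/creat() need write+search on the DIRECTORY only; the file's
    # permission bits are immaterial. With the sticky bit set, only the
    # file's owner (or the directory owner/root) may unlink the entry.
    sticky = bool(dir_mode & stat.S_ISVTX)
    can_unlink = dw and (not sticky or cls == "owner")
    return {"list_dir": dr, "read": fr, "write": fw,
            "delete": can_unlink,
            "replace": can_unlink}   # unlink, then create a same-named file


def replace_without_write(file_mode, dir_mode):
    """Classes that cannot write the file yet can delete and re-create it:
    the effective 'modify' path the answer describes."""
    flagged = []
    for cls in CLASSES:
        caps = capabilities(file_mode, dir_mode, cls)
        if caps["replace"] and not caps["write"]:
            flagged.append(cls)
    return flagged


if __name__ == "__main__":
    # The question's example: file 644 inside directory 730.
    for cls in CLASSES:
        print(cls, capabilities(0o644, 0o730, cls))
    print("replace-without-write:", replace_without_write(0o644, 0o730))
```

Setting the directory to 750 (no group write) or 1730 (sticky bit) removes the group from the flagged list, which is the fix the answer implies.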
Since the directory can be written to, the file could simply be overwritten with another if the attacker is in the directory owner's group.