[Novalug] Gzip security hole?
Angelo Bertolli
angelo at freeshell.org
Thu Sep 13 11:29:36 EDT 2007
Mike Shade wrote:
> A friend pointed out this (seemingly) odd behavior of gzip. Anyone
> know the details of why this happens?
>
> |[mshade at opteron ~]$ sudo touch test.txt
> [mshade at opteron ~]$ ls -l test.txt
> -rw-r--r-- 1 root root 0 Sep 13 09:33 test.txt
> [mshade at opteron ~]$ gzip test.txt && gunzip test.txt.gz
> [mshade at opteron ~]$ ls -l test.txt
> -rw-r--r-- 1 mshade mshade 0 Sep 13 09:33 test.txt
> [mshade at opteron ~]$
>
> A file owned by root is changed to me by zipping the file. Unzip it,
> and it's back to original form, but with my ownership. I understand
> that gzip removes the file when it's zipped and then rewrites it when
> it's unzipped -- but why and how do I have permission to remove the file?
>
> This assumes that the current directory is writable to your user, and
> that you have read permissions on the file.
Try running `chmod o+s ./` before you do it ;)
More information about the Novalug
mailing list