It's not as bad as you thought -- setting up the right situation is tricky.
Consider something like this setup:
    $ sudo ls -al /dir
    total 12
    drwx------  2 root root 4096 2009-10-29 00:28 .
    drwxr-xr-x 27 root root 4096 2009-10-29 00:28 ..
    -rw-rw-rw-  1 root root    6 2009-10-29 00:28 file.txt

Now as an unprivileged user, you can't read or write the file, even though it's mode 0666, because the directory is mode 0700:
    $ echo hi > /dir/file.txt
    bash: /dir/file.txt: Permission denied

Now here's the trick. Assume that you somehow have an open read-only file descriptor that refers to this file. In the bugtraq conversations, this was achieved by opening the file while the administrator was messing with permissions. But there are other cases — for example, a system daemon might have opened the file read-only and passed you the file descriptor over Unix sockets. Or you inherited a read-only file descriptor when your process was started.
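An added illustration, not part of the original comment: a read-only descriptor handed over a Unix socket still reads the file after its directory is locked down, and its O_RDONLY access mode, not the file's 0666 mode, is what the kernel enforces on `write()`. It assumes Python 3.9+ on Linux; one process plays both the holder and the receiver, a temporary directory stands in for `/dir`, and `chmod 000` stands in for "a 0700 directory owned by someone else".

```python
import fcntl
import os
import shutil
import socket
import tempfile


def receive_read_only_fd():
    """Pass an O_RDONLY fd over a Unix socket and report what the receiver can do."""
    workdir = tempfile.mkdtemp()              # constructed stand-in for /dir
    path = os.path.join(workdir, "file.txt")
    with open(path, "wb") as f:
        f.write(b"hello\n")                   # constructed 6-byte content
    os.chmod(path, 0o666)                     # file mode as in the listing
    holder, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    result = {}
    try:
        held_fd = os.open(path, os.O_RDONLY)  # opened while the path was reachable
        os.chmod(workdir, 0o000)              # path lookups now fail for this uid
        try:
            os.close(os.open(path, os.O_WRONLY))
            result["path_open_errno"] = None  # only when running as root
        except OSError as exc:
            result["path_open_errno"] = exc.errno
        # SCM_RIGHTS transfer: the receiver gets a new fd for the same open file.
        socket.send_fds(holder, [b"fd"], [held_fd])
        _, fds, _, _ = socket.recv_fds(receiver, 16, 1)
        fd = fds[0]
        flags = fcntl.fcntl(fd, fcntl.F_GETFL)
        result["access_mode_is_rdonly"] = (flags & os.O_ACCMODE) == os.O_RDONLY
        result["file_mode"] = os.fstat(fd).st_mode & 0o777
        result["data"] = os.read(fd, 64)      # no path lookup involved
        try:
            os.write(fd, b"hi\n")
            result["write_errno"] = None
        except OSError as exc:
            result["write_errno"] = exc.errno  # EBADF: fd not open for writing
        os.close(fd)
        os.close(held_fd)
    finally:
        holder.close()
        receiver.close()
        os.chmod(workdir, 0o700)              # restore so cleanup can proceed
        shutil.rmtree(workdir)
    return result


if __name__ == "__main__":
    print(receive_read_only_fd())
```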