Bug 21887

Summary: Security vunrebility found
Product: Documentation Reporter: kahya <kahya>
Component: AdvocacyAssignee: freebsd-advocacy (Nobody) <advocacy>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description kahya 2000-10-10 06:40:00 UTC 
 I've found a small security hole that allows other users on a bsd box to enter another user's home dir without any authentication.Well I am a user on this box and I found this accidentaly.Here is what happened and what I did.

[intel@marvin:~]$ cd /home

Ok, so, I enter /home and look at this.

[intel@marvin:/home]$ ls
acer/           danny/          hgcrew/         mazurr/         smorky/
action/         danut/          hidden/         mboyer/         sota/
ademko/         dds/            hqanime/        mcp/            spaz/
adrienne/       dewa/           infinity/       mxpx/           speed/
advert/         dimps/          intel/          naujik/         spider/
aljrooo7/       domreg/         ircd/           nebble/         spooky/
andrew/         drillaz/        isislight/      net-tech/       ssrev/
animehq/        dude/           jedi/           ocparty/        swilling/
apache/         eel/            jonza/          omr/            tef/
arcadia/        ellicit/        kakka/          paiakam/        tektonic/
argg/           enthrash/       karl/           pcmaster/       thor/
arity/          eo/             kirler/         penguin/        tkm/
azabel/         ertw/           kook/           picasso/        toril/
azor/           ervin/          koolzie/        polar/          traffic/
bcaldwel/       exes/           korn/           pollo/          triggzz/
bcentrl/        exorcist/       laan/           predator/       upz/
bhs/            farside/        ladybell/       proxy/          v2000/
bilange/        fastzoom/       lees01/         quake/          vcd/
bogus/          fei/            len/            quantum/        water/
brnt/           flash/          logg/           ram/            wheimeng/
bsd/            flea/           lpr/            rangeela/       winnie/
bubba1/         frosty/         luvhurt/        rattan/         woowoo/
cannibal/       ftp/            lynn/           rift/           xerox/
ceyx/           fusion/         macfarla/       rio/            xt-c/
char/           gameover/       madn0rp/        rodrigo/        zetro/
chris2u/        genxcess/       makaveli/       rolex/          zn/
chrome/         gilles/         manmower/       ryanh/
coolkizz/       goldsky/        mastas/         scp58/
cyrus/          hayz/           matt/           slvrdrgn/

Now I do this:

[intel@marvin:/home]$ cd bcentrl
[intel@marvin:/home/bcentrl]$ ls

Whoa, I've just entered bcentrl's home dir and I'm not root!

[intel@marvin:/home/bcentrl]$ ls
Maildir/                                report.tcl
bots/                                   stormbot.tcl
eggdrop1.3.27/                          stormbot.tclstormbot.tclstormbot.tcl
eggdrop1.3.27.tar

This way, I can grab access to any files in that dir.I don't think this should be possible.

Is there a possible fix for this?Maybe file permissions are set wrong?Any info would be helpful.Thank you.

Fix: 

Not sure.
How-To-Repeat: Not sure.
Comment 1 Alfred Perlstein freebsd_committer freebsd_triage 2000-10-10 06:46:27 UTC 
State Changed
From-To: open->closed

user needs to read a book about unix permissions.
Comment 2 kris 2000-10-10 06:48:24 UTC 
On Mon, Oct 09, 2000 at 10:36:28PM -0700, kahya@techie.com wrote:

>  I've found a small security hole that allows other users on a bsd box to enter another user's home dir without any authentication.Well I am a user on this box and I found this accidentaly.Here is what happened and what I did.

[...]

Yes, this is how file permissions work. Read up about 'chmod'

Kris