[LBo] Re: Curious about a security issue
Dave Lerner
7dvbyfk02 at sneakemail.com
Sun Feb 11 12:52:05 CET 2007
Billy Pollifrone wrote on 02/11/2007 06:35 AM:
> I assume that when you go to write something, you may need super user
> permissions to do so at least I would hope so.
That may be true. I'm afraid to try that feature. :)
But even if a normal user has read-only access in lde, that would still
let the user view data that's only supposed to be readable by root.
I only used lde as an example.
I'm just wondering if the linux kernel has any built-in protection
against certain types of operations, such as reading directly from disk.
Or is it up to the application itself to check the user's privileges?
If the latter, what would stop someone from copying lde, or a similar
application, into his home directory on a multi-user server, and using
it to read or modify other users' or root's files?
More information about the QnA
mailing list