Re: Access permissions
From: laura fairhead (laura_fairhead_at_INVALID.com)
Date: 11/29/04
Date: Mon, 29 Nov 2004 20:39:08 +0000
In article <41ab1bba.3827120@NEWS.AON.AT>, Spam Killer wrote:
>How should I set the access permissions for a program that uses the
>ports in Linux, like the one below? I build it with:
>
>nasm -g -f elf cmos.asm
>ld cmos.o -o cmos
>
>Then I login as root and do:
>
>chown root:root cmos
>chmod +s cmos
>
>But with "rm cmos" and answering "y" to "rm: remove write-protected
>file `cmos´", I can delete it, when logged in as normal user. How can
>I prevent this?
Hi,

You can't prevent this by doing anything to the file where it is
because the file access control rules of the usual UNIX (*) have
unlink() permission based on the directory the file is in rather
than the file permission bits. A quick work-around would be
to put it in a subdirectory and give that directory no write access
for other users - then a normal user won't be able to delete anything
you put into it. This is also an interesting issue for the /tmp
directory because it needs to have write access but you don't want
users being able to delete/modify each other's files...

(*) technically I would say the POSIX file system because a particular
UNIX system can have more than one file system and file access control
ruleset and the one we are assuming needn't even be implemented
and in secure environments often isn't.

Interesting program. What's wrong with printing the values in hex?
I always find it's more useful because you can know the value
of single bits and nibbles very easily but I digress... You really
need root ID to read the CMOS in Linux?! I could understand you'd
need permission to write it (Windows tries to stop you but often
you can circumvent its idiot VM). It seems to me a good solution
to your problem is just to put this program in /usr/local/bin
or something. Then nobody can delete it and when you type 'cmos'
it will run from whichever directory you are in.

byefornow
l
>
> global _start
>
> section .text align=16
>_start: fninit
> sys Ioperm, 70h, 2, 3
> test eax,eax
> js error
> mov edi,msg
> xor bl,bl
>nxt: mov al,bl
> out 70h,al
> in al,71h
> call byte2dec
> stosd
> inc bl
> jns nxt
> mov byte[temp],10
> sys Write, STDOUT, msg, 128*4+1
>
>exit_ok: xor eax,eax
>error: xor eax,-1
> lea ebx,[eax+1]
> sys Exit
>
> align 16
>proc byte2dec
> movzx eax,al
> aam
> xchg ah,al
> shl eax,8
> xchg ah,al
> aam
> xchg ah,al
> or eax,20303030h
> ret
>endp byte2dec
>
> section .bss align=16
>msg resd 128
>temp resb 1
>
--
"By deceiving their public through a systematic manufacturing of lies,
their government and their media have abolished democracy for their
own people precisely to the extent to which they have withdrawn the
people's right to truthful information. You can have the best possible
mechanism for democracy, but if you feed it with lies, it cannot
produce results that are humane, honest, and progressive." - Slobodan
Milosevic
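The rule described in the reply above (unlink() is decided by the containing directory, not by the file's own mode bits), as an added example that is not part of the original post. It goes one step beyond the reply by also modelling the sticky bit that /tmp uses; the names `Node`, `can_unlink` and the sample uids and modes are constructed for illustration, and ACLs, capabilities and immutable attributes are ignored.

```python
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the rule can be checked on constructed values.
Node = namedtuple("Node", "st_mode st_uid st_gid")

def class_bits(node, uid, gids):
    """rwx triple (0-7) that applies to the caller: owner, else group, else other."""
    if uid == node.st_uid:
        return (node.st_mode >> 6) & 7
    if node.st_gid in gids:
        return (node.st_mode >> 3) & 7
    return node.st_mode & 7

def can_unlink(uid, gids, directory, target):
    """Would unlink() of `target` inside `directory` be permitted for this caller?"""
    if uid == 0:
        return True  # root bypasses the checks (simplification)
    if class_bits(directory, uid, gids) & 3 != 3:
        return False  # need write (2) and search (1) on the directory
    if directory.st_mode & stat.S_ISVTX:
        # Sticky directory: only the owner of the file or of the directory may remove it.
        return uid in (target.st_uid, directory.st_uid)
    return True  # the target's own mode bits were never consulted

# Constructed sample data: uid 1000 is the normal user, uid 1001 another user.
CMOS = Node(stat.S_IFREG | 0o6755, 0, 0)       # root:root after "chmod +s"
HOME = Node(stat.S_IFDIR | 0o755, 1000, 1000)  # the user's own build directory
BIN = Node(stat.S_IFDIR | 0o755, 0, 0)         # e.g. /usr/local/bin
TMP = Node(stat.S_IFDIR | 0o1777, 0, 0)        # world-writable, sticky
OTHERS_TMPFILE = Node(stat.S_IFREG | 0o666, 1001, 1001)

def demo():
    return {
        "cmos in own dir": can_unlink(1000, {1000}, HOME, CMOS),
        "cmos in root-owned dir": can_unlink(1000, {1000}, BIN, CMOS),
        "other user's file in /tmp": can_unlink(1000, {1000}, TMP, OTHERS_TMPFILE),
        "own file in /tmp": can_unlink(1001, {1001}, TMP, OTHERS_TMPFILE),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```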