[Bug 788468] [NEW] rm manages to remove files owned by root without sudo
Launchpad Bug Tracker
788468 at bugs.launchpad.net
Wed Jun 8 16:58:39 UTC 2011
You have been subscribed to a public bug:
To reproduce:
volodya at gnome:~$ sudo touch bla
volodya at gnome:~$ ls -l bla
-rw-r--r-- 1 root root 0 2011-05-26 08:17 bla
volodya at gnome:~$ rm bla
rm: remove write-protected regular empty file `bla'? y
volodya at gnome:~$ ls -l bla
ls: cannot access bla: No such file or directory
What i expect to see:
rm command should not be able to remove files which are owned by root without root login
Note:
I have tried to remove from /bin/ directory, and i do see that there it generates an error
volodya at gnome:/bin$ rm more
rm: remove write-protected regular file `more'? y
rm: cannot remove `more': Permission denied
However, this is insufficient. Root owned files within home directory should also be protected from deletion.
** Affects: sudo (Ubuntu)
Importance: Undecided
Status: New
--
rm manages to remove files owned by root without sudo
https://bugs.launchpad.net/bugs/788468
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to sudo in Ubuntu.
More information about the foundations-bugs
mailing list