Hi,
I have this PHP script (simplificated here), called delete_tmp.php
that basically calls external commands:
<?php
$session_file = '/tmp/sess_89765'
system(''rm -f' . ' ' . $session_file);
?>
delete_tmp.php file is owned by gamito.users
/tmp/sess_89765 file has permissions -rw------ and is owned by gamito.users
My /tmp permissions are rwxrwxrwt and is owned by root.root
I know that the the sticky bit only allows files to be deleted by
their owners, the owner of the directory or by root.
Never the less, i can switch to /tmp directory and delete sess_89765
file as user gamito.
If I run:
$ php delete_tmp.php
as root, it deletes sess_89765 file.
But if I do the same has user gamito, it doesn't delete the file !!!
Ideas ?
Any help would be appreciated.
Warm Regards,
Mário Gamito
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Linux Newbie]
[Audio]
[Hams]
[Kernel Newbies]
[Util Linux NG]
[Security]
[Netfilter]
[Bugtraq]
[Photo]
[Yosemite Photos]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Linux Device Drivers]
[Samba]
[Video 4 Linux]
[Git]
[Linux Resources]
[Fedora Users]
