Unix treats file directories in the same fashion as files; that is, both are defined by the same type of data structure, called an inode. As with files, directories include a nine-bit protection string. If care is not taken, this can create access control problems. For example, consider a file with protection mode 644 (rw- r-- r--) contained in a directory with protection mode 730 (rwx -wx ---). Write a small report (~250 words) on how the file might be compromised in this case.
The directory permissions mentioned in the above instance are problematic (rwx -wx ---). Since members of the group can access the directory ('x') and can modify the directory ('w'), even though they cannot list the directory (no 'r'), if a member of the group knows the name of the file, that person can also remove it, because removing a file requires permission to write to the directory. So, a member of the group to which the directory belongs can remove the file if they know its name. They can also read the file if they know its name, and they can create a file of the same name if the original is already missing.
Although the group members cannot modify the file, just because they can delete the file and create a new one with the same name, the result is basically the same as being able to modify the file.
In simpler words, since the directory can be written to, the file could simply be overwritten with another file if the attacker is in the directory owner's group.
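The reasoning above, as an added example that is not part of the original answer: a small Python model of the classic Unix permission rules (directory execute for traversal, directory write for unlink/create, file bits for read/write), applied to the 730/644 case and to two hardened directory modes. It assumes the principal has the same relation (owner, group or other) to both the directory and the file; all names are hypothetical.

```python
import stat

# Mode bits checked for each relation a principal can have to an object.
_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def rwx(mode, relation):
    """Return (r, w, x) booleans for one relation to an object with this mode."""
    return tuple(bool(mode & b) for b in _BITS[relation])


def effective_rights(dir_mode, file_mode, relation, sticky=False):
    """Operations a principal can perform on a file inside a directory.
    Rules modelled (assumption: same relation to directory and file):
      - any access to the file needs 'x' on the directory (traversal);
      - reading / writing content needs 'r' / 'w' on the file itself;
      - unlinking the name, or creating a new one, needs 'w' and 'x' on the
        directory, independent of the file's own bits; the sticky bit
        (e.g. mode 1730) restricts unlink to the owner.
    """
    _, dir_w, dir_x = rwx(dir_mode, relation)
    file_r, file_w, _ = rwx(file_mode, relation)
    rights = set()
    if not dir_x:
        return rights                       # cannot even reach the inode
    if file_r:
        rights.add("read")
    if file_w:
        rights.add("write")
    if dir_w and not (sticky and relation != "owner"):
        rights.add("unlink")
        rights.add("replace")               # unlink + create same name
    return rights


def can_effectively_modify(dir_mode, file_mode, relation, sticky=False):
    """True if content can be changed directly (write) or by replacement."""
    r = effective_rights(dir_mode, file_mode, relation, sticky)
    return "write" in r or "replace" in r


if __name__ == "__main__":
    # The page's scenario: group has no 'w' on the file, yet can replace it.
    print(effective_rights(0o730, 0o644, "group"))   # {'read', 'unlink', 'replace'}
    # Two fixes: drop group write on the directory, or set the sticky bit.
    print(effective_rights(0o710, 0o644, "group"))   # {'read'}
    print(effective_rights(0o730, 0o644, "group", sticky=True))  # {'read'}
```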