Comments on: Pwn files with gzip? http://tipotheday.com/2007/09/13/pwn-files-with-gzip/ techno tips and tricks Sat, 24 Mar 2012 16:34:46 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Nic Wolff http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-448 Nic Wolff Thu, 13 Sep 2007 20:05:10 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-448 Heh I guess I had this window open a while before commenting... Heh I guess I had this window open a while before commenting…

]]> By: Nic Wolff http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-447 Nic Wolff Thu, 13 Sep 2007 20:03:38 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-447 That throws an error because you're trying to change the contents of a file you can't write to. But you <i>can</i> write to the directory, so you can delete the file and put a new one in its place, which is all gzip is doing. Go ahead and try this: <code>cp test.txt foo; rm test.txt; mv foo test.txt</code> and you'll see the same effect. That throws an error because you’re trying to change the contents of a file you can’t write to. But you can write to the directory, so you can delete the file and put a new one in its place, which is all gzip is doing. Go ahead and try this: cp test.txt foo; rm test.txt; mv foo test.txt and you’ll see the same effect.

]]> By: Brandon http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-446 Brandon Thu, 13 Sep 2007 17:03:54 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-446 Thanks for the additional clarificatisn Bjones and Marc! Thanks for the additional clarificatisn Bjones and Marc!

]]> By: BJones http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-445 BJones Thu, 13 Sep 2007 15:34:46 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-445 Yep Yep

]]> By: Marc http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-444 Marc Thu, 13 Sep 2007 15:29:53 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-444 BJones: it works on directory where you have the write permission. /tmp /var/tmp are special because of the sticky bit (rwxrwxrwt - notice the last t), the sticky bit restricts the w permission in that it forbids you to delete files from other users. Come on guys, this is basic Unix ! BJones: it works on directory where you have the write permission. /tmp /var/tmp are special because of the sticky bit (rwxrwxrwt – notice the last t), the sticky bit restricts the w permission in that it forbids you to delete files from other users.
Come on guys, this is basic Unix !

]]> By: mshade http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-443 mshade Thu, 13 Sep 2007 15:27:43 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-443 Not new to unix, but I've been pwned by this post :-D Not new to unix, but I’ve been pwned by this post :-D

]]> By: Marc http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-442 Marc Thu, 13 Sep 2007 15:26:50 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-442 The w permission on the directory allows you to remove the file and replace it from the one from the archive, belonging to you. You're obviously new to Unix. The w permission on the directory allows you to remove the file and replace it from the one from the archive, belonging to you.
You’re obviously new to Unix.

]]> By: mshade http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-441 mshade Thu, 13 Sep 2007 15:26:40 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-441 Thanks for the explanations, guys. It makes perfect sense now -- ownership of the current directory being the necessary prerequisite. Thanks for the explanations, guys. It makes perfect sense now — ownership of the current directory being the necessary prerequisite.

]]> By: Jose http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-440 Jose Thu, 13 Sep 2007 15:24:22 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-440 BJones is absolutely correct, you need to own the directory to do this. And you don't even need the gzip trick, you can just go right ahead and do: $ sudo touch test $ rm test rm: test: override protection 644 (yes/no)? y BJones is absolutely correct, you need to own the directory to do this. And you don’t even need the gzip trick, you can just go right ahead and do:

$ sudo touch test
$ rm test
rm: test: override protection 644 (yes/no)? y

]]> By: BJones http://tipotheday.com/2007/09/13/pwn-files-with-gzip/comment-page-1/#comment-439 BJones Thu, 13 Sep 2007 15:19:07 +0000 http://www.tipotheday.com/2007/09/13/pwn-files-with-gzip/#comment-439 Here's the deal. This only works on directories you own. If you tried this same operation in a place where everyone has write access (like /var/tmp, /tmp, or /var/mail) it would fail. We tested this on Solaris 10, but other UNIX/Linux variants may have a hole. I recommend testing this (a public writeable directory) on systems you are responsible for, just in case. B Here’s the deal.

This only works on directories you own. If you tried this same operation in a place where everyone has write access (like /var/tmp, /tmp, or /var/mail) it would fail.

We tested this on Solaris 10, but other UNIX/Linux variants may have a hole. I recommend testing this (a public writeable directory) on systems you are responsible for, just in case.

B

]]>