Chiel Kooijman
2009-Jul-16 19:26 UTC
[Secure-testing-team] Bug#537299: base: user deletes files without write permission, partition full
Package: base
Severity: critical
Tags: security
Justification: root security hole

I tried to edit /etc/fstab as user (forgot to use `sudo') but, as I noticed later, the partition that contains the root (/) files was full. After that I tried to edit the file as superuser (I hadn't read the message when I tried to write because I assumed it was complaining about permission). But when I opened the file again it was empty (it did exist; but no text, as if created with touch).

The editor I used is vim and the filesystem is ext2.

Chiel Kooijman

PS I hope I'm not scaring people about a non-issue, this is my first bug report and I tried to fill out everything as precisely as I could. I do not believe this is a bug in vim as I think no program run under a normal user should be able to edit a file without write permission.

-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash