in reply to Re^5: Best way to write to a file owned by root?
in thread Best way to write to a file owned by root?

I'm just writing a script under my total control on my own local machine and does not have processes available to the public.

So it has no network connection? I don't think so.

I *think* my code accomplished that because it makes a copy of the /etc/hosts file, makes the ownership and privileges changes to copy of the file and, if those are successful, only then copies the modified file back to /etc/hosts.

Replace the last step with a rename. Rename is atomic, copy is not. And yes, rename will work for an existing file:

/tmp>echo bla > one
/tmp>echo blubb > two
/tmp>mv two one
/tmp>cat one
blubb
/tmp>echo bla > one
/tmp>echo blubb > two
/tmp>perl -e 'rename "two","one" or die $!'
/tmp>cat one
blubb
/tmp>

Also, the file is read only only by my account so no one else can look at it.

/etc/hosts should have mode 0644, not 0400 or 0600. Even if only you work with your computer, it still uses several different user accounts to do its job. And some of those user accounts need to resolve host names, i.e. read /etc/hosts. Even if they only need to resolve localhost to ::1 or 127.0.0.1.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
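
The copy, modify, rename sequence from the post above, as an added example that is not part of the original post or the poster's script. The helper name `append_line_atomically`, the temp file template and the sample host entries are assumptions made for illustration, and the demo works on a scratch file in a temporary directory rather than on /etc/hosts.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);
use File::Basename qw(dirname);

# Hypothetical helper: append $line to $target by building a complete new
# copy next to it and renaming that copy over the original.
sub append_line_atomically {
    my ($target, $line, $mode) = @_;

    # The temp file must be in the same directory (same filesystem) as the
    # target; across filesystems rename() fails with EXDEV.
    my ($tmp_fh, $tmp_name) = tempfile('.hosts.XXXXXX', DIR => dirname($target));

    my $ok = eval {
        open(my $in, '<', $target) or die "read $target: $!\n";
        while (my $l = <$in>) {
            print {$tmp_fh} $l or die "write $tmp_name: $!\n";
        }
        close($in);
        print {$tmp_fh} "$line\n" or die "write $tmp_name: $!\n";
        close($tmp_fh)            or die "close $tmp_name: $!\n";

        # tempfile() creates the file with mode 0600. Set the final mode
        # before the rename so readers never see an unreadable hosts file.
        chmod($mode, $tmp_name)   or die "chmod $tmp_name: $!\n";

        # Readers see either the old file or the new one, never a partial one.
        rename($tmp_name, $target) or die "rename to $target: $!\n";
        1;
    };
    unless ($ok) {
        my $err = $@;
        unlink $tmp_name;    # leave the original untouched on any failure
        die $err;
    }
    return 1;
}

# Demo on constructed sample data.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/hosts";
open(my $fh, '>', $target) or die "create $target: $!\n";
print {$fh} "127.0.0.1 localhost\n::1 localhost\n";
close($fh);

append_line_atomically($target, '192.0.2.10 example.test', 0644);
printf "mode %04o\n", (stat $target)[2] & 07777;
```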

Re^7: Best way to write to a file owned by root?
by nysus (Parson) on Mar 15, 2017 at 14:09 UTC

    I'm no security guru (clearly) so tell me if I'm wrong. Yes, it is true my local machine is connected to the Internet. But anyone who hacked my machine would need my account access to run or even read my script. If someone has hacked my machine with my user account, it seems like they are in a very good position of changing my /etc/hosts file without my script to help them. Right?

    My /etc/hosts file is 0644. I was saying my script that I use to automate the appending to /etc/hosts has perms of 700. Sorry for the confusion.

    $PM = "Perl Monk's";
    $MCF = "Most Clueless Friar Abbot Bishop Pontiff Deacon Curate";
    $nysus = $PM . ' ' . $MCF;

      If someone has hacked my machine with my user account, it seems like they are in a very good position of changing my /etc/hosts file without my script to help them. Right?

      No. This is why we have different user accounts. Your user does not have write access to /etc/hosts and therefore anyone who compromises your account also lacks the write access to that file. If you bypass that by some means in your script (sudo, setuid, whatever) then the attacker suddenly does have access to write to the previously protected file via your script.

      So don't do that.

        Well, I do have write access to /etc/hosts in that I can just run sudo vim /etc/hosts and change it that way. Now, if a hacker types in that command, sudo will prompt them for my password. I'd assume the hacker already has the password if he hacked in. But maybe I'm wrong in assuming that the hacker would have my password? Is it theoretically possible for a hacker to gain control of my user account without my password?

        $PM = "Perl Monk's";
        $MCF = "Most Clueless Friar Abbot Bishop Pontiff Deacon Curate";
        $nysus = $PM . ' ' . $MCF;