Date: Mon, 8 Mar 2004 23:08:28 +0100
From: Pawel Jakub Dawidek
To: "Georg-W. Koltermann"
Cc: freebsd-security@freebsd.org
Subject: Re: Call for review: restricted hardlinks.
Message-ID: <20040308220828.GP10864@darkness.comp.waw.pl>

On Mon, Mar 08, 2004 at 10:10:38PM +0100, Georg-W. Koltermann wrote:
+> When you restrict links, do you want to restrict copying as well?
+>
+> Seems somewhat paranoid to me. You already need write permission on the
+> directory where you create the link, and permissions are checked against
+> the inode on open(2) anyway.

This is because this gives an attacker some possibilities.
For example, he is able to create a hard link to some set-uid binary.
After some time, a security-related bug will be found in this application,
the administrator will replace it with a good version, but the old,
vulnerable version will still be in the system.

The administrator has to be really careful when fixing such problems and
check the number of hard links or just remove such a program using 'rm -P'.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
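
The check the message recommends (looking at the hard-link count of a set-uid program before replacing it) can be scripted. The following is an added example, not part of the original message or of the patch under review; the function names and the default scan root are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Audit a tree for set-uid/set-gid files that have more than one hard link."""
import os
import stat
import sys
from collections import defaultdict

SETID = stat.S_ISUID | stat.S_ISGID


def find_linked_setid(root):
    """Return {(dev, ino): {"nlink": n, "paths": [...]}} for set-id regular
    files under root whose link count is greater than 1 (hypothetical helper)."""
    found = defaultdict(lambda: {"nlink": 0, "paths": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)      # lstat: never follow symlinks
            except OSError:
                continue                 # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & SETID and st.st_nlink > 1:
                entry = found[(st.st_dev, st.st_ino)]
                entry["nlink"] = st.st_nlink
                entry["paths"].append(path)
    for entry in found.values():
        entry["paths"].sort()
    return dict(found)


def unaccounted_links(entry):
    """Number of names for this inode that live outside the scanned tree."""
    return entry["nlink"] - len(entry["paths"])


if __name__ == "__main__":
    # Default root is an assumption; pass the directory to audit as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for (dev, ino), e in sorted(find_linked_setid(root).items()):
        print(f"dev={dev} ino={ino} nlink={e['nlink']} "
              f"outside_tree={unaccounted_links(e)}")
        for p in e["paths"]:
            print(f"    {p}")
```

Run it before replacing a vulnerable binary: a non-zero outside_tree count means another name for the same inode exists elsewhere on that filesystem and will survive the upgrade.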