Date: Tue, 9 Mar 2004 09:16:39 +0100
From: Cédric Devillers <cedric.devillers@script.jussieu.fr>
To: freebsd-security@freebsd.org
Subject: Re: Call for review: restricted hardlinks.
Message-ID: <20040309091639.0a3a362a.cedric.devillers@script.jussieu.fr>
In-Reply-To: <20040308220828.GP10864@darkness.comp.waw.pl>
References: <20040308093642.GI10864@darkness.comp.waw.pl> <1078780238.1937.11.camel@localhost.muc.eu.mscsoftware.com> <20040308220828.GP10864@darkness.comp.waw.pl>

If you create several partitions (/var /usr /home), this problem is resolved.
Generally, in /usr, there are no directories writable by all.
If you have a partition for /usr, no hard link to a set-uid binary (in the /usr tree) is possible.

On Mon, 8 Mar 2004 23:08:28 +0100
Pawel Jakub Dawidek <pjd@freebsd.org> wrote:

> On Mon, Mar 08, 2004 at 10:10:38PM +0100, Georg-W. Koltermann wrote:
> +> When you restrict links, do you want to restrict copying as well?
> +>
> +> Seems somewhat paranoid to me. You already need write permission on the
> +> directory where you create the link, and permissions are checked against
> +> the inode on open(2) anyway.
>
> This is because this gives an attacker some possibilities.
> For example he is able to create a hard link to some set-uid binary.
> After some time, a security-related bug will be found in this application,
> the administrator will change it with a good version, but the old,
> vulnerable version will still be in the system.
> The administrator has to be really careful when fixing such problems and
> check the number of hard links or just remove such a program using 'rm -P'.
>
> --
> Pawel Jakub Dawidek                       http://www.FreeBSD.org
> pjd@FreeBSD.org                           http://garage.freebsd.pl
> FreeBSD committer                         Am I Evil? Yes, I Am!
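
The hard-link check discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD: it lists set-uid/set-gid files whose inode has more than one name and reports when some of those names lie outside the scanned tree. The function names and the default root of /usr are assumptions made for illustration.

```python
import os
import stat
from collections import defaultdict

def find_linked_setid(root):
    """Return {(st_dev, st_ino): info} for set-uid/set-gid regular files
    under root whose inode has more than one hard link."""
    found = defaultdict(lambda: {"nlink": 0, "mode": 0, "paths": []})
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Hard links cannot cross filesystems, so stay on root's device.
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # removed or unreadable while scanning
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if st.st_nlink < 2:
                continue  # only one name: replacing it leaves no stale copy
            entry = found[(st.st_dev, st.st_ino)]
            entry["nlink"] = st.st_nlink
            entry["mode"] = stat.S_IMODE(st.st_mode)
            entry["paths"].append(path)
    return dict(found)

def report(root):
    """One line per inode; note names that were not found under root."""
    lines = []
    for (dev, ino), e in sorted(find_linked_setid(root).items()):
        missing = e["nlink"] - len(e["paths"])
        note = f" ({missing} more name(s) outside {root})" if missing else ""
        lines.append(f"dev={dev} ino={ino} mode={e['mode']:04o} "
                     f"nlink={e['nlink']}{note}: {', '.join(sorted(e['paths']))}")
    return lines

if __name__ == "__main__":
    import sys
    for line in report(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(line)
```

A result with names outside the scanned root means the remaining links are elsewhere on the same filesystem, so the scan should be repeated from that filesystem's mount point.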