Message-ID: <3FC27019.7010402@myrealbox.com>
Date: Mon, 24 Nov 2003 12:54:49 -0800
From: Andy Lutomirski <luto@myrealbox.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3
MIME-Version: 1.0
To: linux-kernel@vger.kernel.org
Subject: Re: hard links create local DoS vulnerability and security problems
References: <fa.hevpbbs.u5q2r6@ifi.uio.no> <fa.l1quqni.v405hu@ifi.uio.no>
In-Reply-To: <fa.l1quqni.v405hu@ifi.uio.no>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1125
Lines: 27


Valdis.Kletnieks@vt.edu wrote:

> 
> In any case, if a user is *MAKING* a program set-UID, it's probably because
> he *wants* it to run as himself even if others invoke it (otherwise, he
> could just leave it in ~/bin and be happy).  So this is really a red herring,
> as it's only a problem if (a) he decides to get rid of the binary, and fails
> to do so because of hard links he doesn't know about, or (b) he's an idiot
> programmer and it malfunctions if invoked with an odd argv[0]....

Right... but non-privileged users _can't_ delete these extra links, even 
if they notice them from the link count.  And non-idiots do make 
security errors -- they just fix them.  But in this case, fixing the 
error after the fact may be impossible without root's help.

And how many package managers / install scripts check for hard links of 
files they're about to overwrite?

--Andy

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/