To: linux-kernel@vger.kernel.org
Path: gatekeeper.tmr.com!davidsen
From: davidsen@tmr.com (bill davidsen)
Newsgroups: mail.linux-kernel
Subject: Re: hard links create local DoS vulnerability and security problems
Date: 24 Nov 2003 23:57:45 GMT
Organization: TMR Associates, Schenectady NY
Message-ID: <bpu5tp$vvd$1@gatekeeper.tmr.com>
References: <20031124180838.GA8065@sigint.cs.purdue.edu> <Pine.LNX.4.53.0311241312180.18685@chaos>
Originator: davidsen@gatekeeper.tmr.com
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1411
Lines: 29

In article <Pine.LNX.4.53.0311241312180.18685@chaos>,
Richard B. Johnson <root@chaos.analogic.com> wrote:
| On Mon, 24 Nov 2003 splite@purdue.edu wrote:
| 
| > On Mon, Nov 24, 2003 at 06:57:41PM +0100, Jakob Lell wrote:
| > > [...]
| > > Setuid-root binaries also work in a home directory.
| > > You can try it by doing this test:
| > > ln /bin/ping $HOME/ping
| > > $HOME/ping localhost
| > > [...]
| >
| > That's why you don't put user-writable directories on the root or /usr
| > partitions.  (For extra points, mount your /tmp and /var/tmp partitions
| > nodev,nosuid.)  Seriously guys, this is Unix Admin 101, not a major new
| > security problem.
| >
| 
| And if the inode that was referenced in the root-owned directory
| was deleted, it would no longer function as setuid root.

??? think about how the inode is deleted... by removing all links.
Clearly if there is another link the inode can't be deleted, and if the
inode is deleted whatever you meant by "it" would function or even exist
(both the link and the inode would be gone).
-- 
bill davidsen <davidsen@tmr.com>
  CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/