Re: hard links create local DoS vulnerability and security problems

From: Jakob Lell
Date: Mon Nov 24 2003 - 13:17:39 EST

Next message: Danny Brow: "Hp/Compaq Fibre HBA"
Previous message: envicurso1000: "Curso GIS y Teledeteccion"
In reply to: bill davidsen: "Re: hard links create local DoS vulnerability and security problems"
Next in thread: Valdis . Kletnieks: "Re: hard links create local DoS vulnerability and security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday 24 November 2003 19:08, splite@xxxxxxxxxx wrote:
> On Mon, Nov 24, 2003 at 06:57:41PM +0100, Jakob Lell wrote:
> > [...]
> > Setuid-root binaries also work in a home directory.
> > You can try it by doing this test:
> > ln /bin/ping $HOME/ping
> > $HOME/ping localhost
> > [...]
>
> That's why you don't put user-writable directories on the root or /usr
> partitions. (For extra points, mount your /tmp and /var/tmp partitions
> nodev,nosuid.) Seriously guys, this is Unix Admin 101, not a major new
> security problem.
Even if you put /usr on a separate partition, users can create a setuid (not
setuid-root) program in their home directory. Other users can create links to
this program in their home directory. Even if this can't be used to become
root, it shouldn't be possible. To prevent this, you have to put every user's
home directory on a separate partition.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Danny Brow: "Hp/Compaq Fibre HBA"
Previous message: envicurso1000: "Curso GIS y Teledeteccion"
In reply to: bill davidsen: "Re: hard links create local DoS vulnerability and security problems"
Next in thread: Valdis . Kletnieks: "Re: hard links create local DoS vulnerability and security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]