Re: hard links create local DoS vulnerability and security problems

[Valdis . Kletnieks]

On Mon, 24 Nov 2003 19:18:56 +0100, Jakob Lell said:
> 
> Even if you put /usr on a separate partition, users can create a setuid (not 
> setuid-root) program in their home directory. Other users can create links to
 
> this program in their home directory. Even if this can't be used to become 
> root, it shouldn't be possible. To prevent this, you have to put every user's
 
> home directory on a separate partition.

mkdir ~/bin
chmod 700 ~/bin
cat > ~/bin/show-me
#!/bin/sh
whoami
^D
chmod 4755 ~/bin/show-me

No separate partitions needed.

If the link() syscall doesn't throw an EACCESS because of that chmod,
you have bigger problems.

In any case, if a user is *MAKING* a program set-UID, it's probably because
he *wants* it to run as himself even if others invoke it (otherwise, he
could just leave it in ~/bin and be happy).  So this is really a red herring,
as it's only a problem if (a) he decides to get rid of the binary, and fails
to do so because of hard links he doesn't know about, or (b) he's an idiot
programmer and it malfunctions if invoked with an odd argv[0]....

Attachment: pgp00001.pgp
Description: PGP signature