Re: Program-invoking Symbolic Links?

From: V13
Date: Sat Aug 07 2004 - 07:25:33 EST


On Thursday 05 August 2004 20:57, viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
wrote:
> On Thu, Aug 05, 2004 at 07:34:42PM +0200, Måns Rullgård wrote:
> > > ~luser/foo => "cp /bin/sh /tmp/...; chmod 4777 /tmp/...; cat
> > > ~luser/foo.real"
> > >
> > > Any questions?
> >
> > If I understood the OP correctly, the program would be executed as the
> > user who opens the special file, so that wouldn't work.
>
> Yes, it would. Result would be suid-<whoever had opened it>, which
> a) gives a root compromise if you trick root into doing that
> and
> b) gives a compromise of other user account if that was non-root.
>
> Opening a file does *not* result in execution of attacker-supplied program
> with privileges of victim. Breaking that warranty opens a
> fsck-knows-how-many holes.

What about a filesystem that works somehow like that? It can be properly
secured (i.e. mounted read-only or restricting new file creation), can have
other filesystems have plain symlinks that point there and (as far as I can
see) provides unlimited possibilities.

(Of course all of this can be just a foolish thought)

<<V13>>
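
An added example, not part of the original thread: the quoted scenario ends with a setuid, world-writable copy of a shell in /tmp, owned by whoever opened the link. The sketch below is one way to audit a directory tree for that outcome; the function name `find_setuid_files` and the default root are assumptions made for illustration.

```python
import os
import stat
import sys


def find_setuid_files(root):
    """Return sorted (path, owner_uid, world_writable) for setuid regular files under root."""
    findings = []
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # lstat: inspect the entry itself, never the target of a symlink.
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices, sockets and FIFOs are ignored
            if st.st_mode & stat.S_ISUID:
                # The owner uid is the identity a setuid file runs as, i.e.
                # the account that is exposed if the file is a shell copy.
                world_writable = bool(st.st_mode & stat.S_IWOTH)
                findings.append((path, st.st_uid, world_writable))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed default: audit /tmp, the directory used in the quoted scenario.
    root = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    for path, uid, world_writable in find_setuid_files(root):
        note = " (world-writable)" if world_writable else ""
        print(f"setuid file owned by uid {uid}: {path}{note}")
```

A hit owned by uid 0 corresponds to case a) in the quoted reply, a hit owned by any other uid to case b).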