Re: Proposal: restrict link(2)

Stephen R. van den Berg (srb@cuci.nl)
Thu, 12 Dec 1996 12:48:57 +0100


Matthias Urlichs <smurf@noris.de> wrote:
> koenig@tat.physik.uni-tuebingen.de (Harald Koenig) writes:
>> why is Joe Random Cracker allowed to make a hard link to /etc/passwd at all
>> (or to any other file not owned by him) ?

>Face it, people, setuid-root programs are _difficult_ to get right. Unless
>we get an ACL implementation with appropriately-fine-grained rights it will
>IMHO never be possible to find all the holes.

Difficult, perhaps, but not impossible. Just program with a devious
mindset. In case of this particular problem, make sure that you don't
chown() the file, but rather open() it, fstat() it, stat() it, then fchown()
it. It can't get much safer than that.

-- 
Sincerely,                                                          srb@cuci.nl
           Stephen R. van den Berg (AKA BuGless).

Real programmers don't produce results, they return exit codes.
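The open()/fstat()/stat()/fchown() sequence from the reply above, written out as an added example that is not code from the thread: the ownership change is applied to the descriptor, and it is refused if the name no longer points at the inode we hold. The function name careful_chown, the result codes, and the extra check that the current owner matches an expected uid (which is what actually defeats a hard link to a root-owned file) are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>

/* Result codes (constructed for this example). */
enum { CHOWN_OK = 0, CHOWN_OPEN_FAILED = -1, CHOWN_RACE = -2,
       CHOWN_NOT_OWNER = -3, CHOWN_FAILED = -4 };

/* Change ownership of `path` only if (a) the object we opened is still
 * the object the name resolves to and (b) it is owned by `must_be_owner`.
 * Mirrors the mail: never chown() the name, open()/fstat()/stat() then
 * fchown() the descriptor. */
int careful_chown(const char *path, uid_t must_be_owner,
                  uid_t new_uid, gid_t new_gid)
{
    struct stat by_fd, by_name;

    /* O_NOFOLLOW is an assumption of this example: symlinks at the
     * final component are refused rather than followed. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return CHOWN_OPEN_FAILED;

    /* fstat() describes the inode we actually hold. */
    if (fstat(fd, &by_fd) < 0) { close(fd); return CHOWN_OPEN_FAILED; }

    /* stat() describes what the name points to now; a mismatch in
     * device or inode means the path was swapped under us. */
    if (stat(path, &by_name) < 0 || by_name.st_dev != by_fd.st_dev
        || by_name.st_ino != by_fd.st_ino) {
        close(fd);
        return CHOWN_RACE;
    }

    /* A hard link to /etc/passwd still carries root's uid, so requiring
     * the current owner to be the expected user rejects that link. */
    if (by_fd.st_uid != must_be_owner) { close(fd); return CHOWN_NOT_OWNER; }

    /* Act on the descriptor, not on the name. */
    int rc = (fchown(fd, new_uid, new_gid) == 0) ? CHOWN_OK : CHOWN_FAILED;
    close(fd);
    return rc;
}

/* Helper for trying it out: create a scratch file owned by the caller. */
int make_scratch(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd >= 0) close(fd);
    return fd >= 0;
}
```

Run as an unprivileged user, chowning a scratch file to your own uid/gid succeeds, while asking for a file "owned" by someone else returns CHOWN_NOT_OWNER before any fchown() is attempted.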