On Mon, 29 Dec 1997, Yuri Kuzmenko wrote:
> No, you are not right ;-( There is an old Unix hole and you know it. And it's
> a kernel vfs issue. In general, this is a *huge* hole. A novice in the
> sysadmin's world can do this "not kernel issue":
>
> user$ ln /etc/passwd ~/.some
> user$ mail root -s "Please, help me"
> change pls my uid (and mount with this uid some nfs export from other
> machine)
> .
>
> ...
>
> root# chown newuser /home/user -R
>
> ...
>
> user$ ls -l /etc/passwd
> -rw-r--r-- 1 newuser root 1053 Dec 22 20:13 /etc/passwd
> user$ he-he-he
>
> This is only a common example. And this is a *serious* security bug.
>
This is called social engineering, and really isn't a kernel issue. It is
a case for having a small root partition with things like /etc, /lib,
/sbin, /dev and the like, which joe average user is never going to be
allowed to write in, and having /home and /tmp as mount points, so
hardlinks just aren't possible.
It then becomes a non-issue. If chown dereferences symlinks (by default)
then chown needs to be fixed (mine doesn't), but it's still a user space or
admin problem.
Bryn
--
PGP Pub key http://www.gytha.demon.co.uk/pubkey.asc ID: 1024/30AF2D69
On-line, adj.: FP: FC 4E 41 9E 64 C3 AB 28 A3 5A 57 F8 CC D9 A7 B8
The idea that a human being should always be accessible to a computer.
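
An added example, not part of the original message: an admin-side check to run before a recursive chown of a home directory. It lists entries whose inode also has a hard link outside the tree (the ~/.some case above) and symbolic links that a dereferencing chown would follow. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import shutil
import stat
import tempfile
from collections import defaultdict


def audit_before_chown(root):
    """Return (outside_links, symlinks) for the tree under root.

    outside_links: non-directory paths whose inode has more names than are
    visible under root, so at least one hard link lives somewhere else.
    symlinks: symbolic links, which a dereferencing chown would follow.
    """
    seen = defaultdict(list)   # (st_dev, st_ino) -> paths found under root
    nlink = {}                 # (st_dev, st_ino) -> total link count
    symlinks = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)            # never follow the entry itself
            if stat.S_ISLNK(st.st_mode):
                symlinks.append(path)
            elif not stat.S_ISDIR(st.st_mode) and st.st_nlink > 1:
                key = (st.st_dev, st.st_ino)
                seen[key].append(path)
                nlink[key] = st.st_nlink
    outside = sorted(p for key, paths in seen.items()
                     if len(paths) < nlink[key] for p in paths)
    return outside, sorted(symlinks)


def demo():
    """Constructed layout: base/etc/passwd stands in for a root-owned file."""
    base = tempfile.mkdtemp()
    try:
        etc = os.path.join(base, "etc")
        home = os.path.join(base, "home", "user")
        os.makedirs(etc)
        os.makedirs(home)
        target = os.path.join(etc, "passwd")
        for path in (target, os.path.join(home, "notes")):
            with open(path, "w") as f:
                f.write("constructed sample\n")
        os.link(target, os.path.join(home, ".some"))        # link leaves the tree
        os.link(os.path.join(home, "notes"), os.path.join(home, "notes.bak"))
        os.symlink(target, os.path.join(home, "pw"))
        outside, links = audit_before_chown(home)
        return ([os.path.relpath(p, home) for p in outside],
                [os.path.relpath(p, home) for p in links])
    finally:
        shutil.rmtree(base)
```

The pair notes/notes.bak is not reported because both of its names are inside the tree; only .some, whose second name is elsewhere, is.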