Date: Wed, 24 Mar 2004 13:21:49 -0500 (EST) From: Andre Guibert de Bruet <andy@siliconlandmark.com> To: Rafal Skoczylas <nils@secprog.org> Cc: freebsd-current@freebsd.org Subject: Re: [UFS] Broken suiddir? (+patch) Message-ID: <20040324130129.A93167@alpha.siliconlandmark.com> In-Reply-To: <20040323223020.GA2931@secprog.org> References: <20040323223020.GA2931@secprog.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 23 Mar 2004, Rafal Skoczylas wrote: > from mount(8): > [...] > suiddir > A directory on the mounted file system will respond to > the SUID bit being set, by setting the owner of any new > files to be the same as the owner of the directory. New > directories will inherit the bit from their parents. > Execute bits are removed from the file, and it will not > be given to root. > > This feature is designed for use on fileservers serving > PC users via ftp, SAMBA, or netatalk. It provides secu- > rity holes for shell users and as such should not be used > on shell machines, especially on home directories. > [...] > > Additionaly, would someone be so kind to describe the risk caused by using > SUIDDIR (mentioned in man) in more detail? Is there any "hidden" risk > except those obvious (like created files that look like if someone else > created them)? I tried searching google for such information but with > no luck so far. Imagine a scenario where a user uploads via SMB a windows executable and another trojans it. User 1 has no idea that the file has been tampered with and runs it. You've got yourself a problem. Regards, > Andre Guibert de Bruet | Enterprise Software Consultant > > Silicon Landmark, LLC. | http://siliconlandmark.com/ >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040324130129.A93167>