From: Andre Guibert de Bruet
To: Rafal Skoczylas
Cc: freebsd-current@freebsd.org
Date: Wed, 24 Mar 2004 13:21:49 -0500 (EST)
Subject: Re: [UFS] Broken suiddir? (+patch)
Message-ID: <20040324130129.A93167@alpha.siliconlandmark.com>
In-Reply-To: <20040323223020.GA2931@secprog.org>

On Tue, 23 Mar 2004, Rafal Skoczylas wrote:

> from mount(8):
> [...]
>   suiddir
>     A directory on the mounted file system will respond to
>     the SUID bit being set, by setting the owner of any new
>     files to be the same as the owner of the directory. New
>     directories will inherit the bit from their parents.
>     Execute bits are removed from the file, and it will not
>     be given to root.
>
>     This feature is designed for use on fileservers serving
>     PC users via ftp, SAMBA, or netatalk. It provides security
>     holes for shell users and as such should not be used
>     on shell machines, especially on home directories.
> [...]
>
> Additionally, would someone be so kind to describe the risk caused by using
> SUIDDIR (mentioned in man) in more detail? Is there any "hidden" risk
> except those obvious (like created files that look as if someone else
> created them)? I tried searching Google for such information but with
> no luck so far.

Imagine a scenario where a user uploads via SMB a Windows executable and
another trojans it. User 1 has no idea that the file has been tampered
with and runs it. You've got yourself a problem.

Regards,

> Andre Guibert de Bruet | Enterprise Software Consultant >
> Silicon Landmark, LLC. | http://siliconlandmark.com/    >
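
An audit sketch for the suiddir behaviour quoted from mount(8) above, added here as an example and not part of the original thread or of FreeBSD: it picks out filesystems mounted with suiddir and classifies directories carrying the SUID bit by who can create files in them. The function names, the class labels and the sample mount output are assumptions made for illustration.

```python
import os
import re
import stat

# Constructed sample of FreeBSD `mount` output; devices and paths are made up.
SAMPLE_MOUNT_OUTPUT = """\
/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /export/share (ufs, local, suiddir, soft-updates)
/dev/ad0s1f on /home (ufs, local, nosuid)
"""

MOUNT_LINE = re.compile(r"^(\S+) on (.+) \(([^)]*)\)$")


def suiddir_mounts(mount_output):
    """Return the mount points whose option list contains suiddir."""
    hits = []
    for line in mount_output.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m and "suiddir" in [opt.strip() for opt in m.group(3).split(",")]:
            hits.append(m.group(2))
    return hits


def classify(mode, uid):
    """Describe a directory's suiddir exposure from its st_mode and owner uid."""
    if not (stat.S_ISDIR(mode) and mode & stat.S_ISUID):
        return None  # no SUID bit on a directory: suiddir does nothing here
    if uid == 0:
        return "inert"  # mount(8): new files are never given to root
    # Anyone who can create files here has them re-owned to the directory owner.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "shared-write"
    return "owner-only"


def audit(root):
    """Walk root and return [(path, owner_uid, class)] for SUID directories."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        st = os.lstat(dirpath)
        kind = classify(st.st_mode, st.st_uid)
        if kind:
            findings.append((dirpath, st.st_uid, kind))
    return findings


if __name__ == "__main__":
    for mnt in suiddir_mounts(SAMPLE_MOUNT_OUTPUT):
        print("suiddir filesystem:", mnt)
```

Directories reported as "shared-write" on a suiddir filesystem are the ones where the scenario in the reply applies: files from different users all end up under one owner.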