From: Cédric Devillers
Date: Tue, 9 Mar 2004 09:16:39 +0100
To: freebsd-security@freebsd.org
Subject: Re: Call for review: restricted hardlinks.

If you create several partitions ( /var /usr /home ), this problem is resolved.
Generally, in /usr, there are no directories writable by all. If you have a partition for /usr, no hard link to a set-uid binary ( in the /usr tree ) is possible.

On Mon, 8 Mar 2004 23:08:28 +0100
Pawel Jakub Dawidek wrote:

> On Mon, Mar 08, 2004 at 10:10:38PM +0100, Georg-W. Koltermann wrote:
> +> When you restrict links, do you want to restrict copying as well?
> +>
> +> Seems somewhat paranoid to me. You already need write permission on the
> +> directory where you create the link, and permissions are checked against
> +> the inode on open(2) anyway.
>
> This is because this gives an attacker some possibilities.
> For example he is able to create hard link to some set-uid binary.
> After some time, a security-related bug will be found in this
> application, administrator will change it with good version, but old,
> vulnerable version will be still in system.
> Administrator have to be really careful when fixing such problems
> and check number of hard links or just remove such program using 'rm -P'.
>
> --
> Pawel Jakub Dawidek                       http://www.FreeBSD.org
> pjd@FreeBSD.org                           http://garage.freebsd.pl
> FreeBSD committer                         Am I Evil? Yes, I Am!
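The link-count check mentioned in the quoted message, as an added example that is not part of the original thread: it lists set-uid/set-gid files that have more than one name, and every name an inode has on its file system. The function names are hypothetical, and `all_names` assumes ROOT is the mount point of the file system that holds FILE.

```shell
#!/bin/sh
# Added example, not code from the thread. Audit helpers for the case where
# a set-uid binary is replaced but an old hard link keeps the vulnerable
# inode alive elsewhere on the same file system.

# find_linked_setid DIR...
# Lists (ls -lid format: inode, mode, link count, owner, ..., path) every
# regular set-uid or set-gid file under DIR whose link count is above one.
# -xdev keeps the walk on one file system, because a hard link cannot
# cross a file-system boundary (the point made about separate partitions).
find_linked_setid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 \
        -exec ls -lid {} +
}

# all_names FILE ROOT
# Prints every path under ROOT that refers to the same inode as FILE.
# Assumption: ROOT is on the same file system as FILE; inode numbers are
# only unique per file system, which is why -xdev is used here as well.
all_names() {
    inum=$(ls -di "$1" | awk '{print $1}')
    find "$2" -xdev -inum "$inum"
}

# Typical use before replacing a set-uid program (paths are illustrative):
#   find_linked_setid /usr /bin /sbin
#   all_names /usr/bin/someprog /usr
```

Run `all_names` before replacing the binary, since an in-place upgrade normally installs a new inode and the old names then no longer match the new file.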