Re: hard links create local DoS vulnerability and security problems

From: Valdis . Kletnieks
Date: Mon Nov 24 2003 - 13:25:35 EST

Next message: Valdis . Kletnieks: "Re: hard links create local DoS vulnerability and security problems"
Previous message: Jakob Lell: "Re: hard links create local DoS vulnerability and security problems"
In reply to: Richard B. Johnson: "Re: hard links create local DoS vulnerability and security problems"
Next in thread: Rudo Thomas: "[OT] Re: hard links create local DoS vulnerability and security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 24 Nov 2003 13:10:46 EST, "Richard B. Johnson" said:

> # chmod 4755 xxx
> # su johnson
> $ cp /tmp/xxx .
> $ ls -la xxx
> -rwxr-xr-x 1 rjohnson guru 4887 Nov 24 12:57 xxx
^ Hmm.. this sucker is mode 755, not 4755...

> This clearly shows that once the file exists in a non-root
> directory, it will not function as setuid root.

No, what it shows is that once you *copy* the file to another file,
and the second file isn't set-UID, it won't run as set-UID anymore.

Attachment: pgp00001.pgp
Description: PGP signature

Next message: Valdis . Kletnieks: "Re: hard links create local DoS vulnerability and security problems"
Previous message: Jakob Lell: "Re: hard links create local DoS vulnerability and security problems"
In reply to: Richard B. Johnson: "Re: hard links create local DoS vulnerability and security problems"
Next in thread: Rudo Thomas: "[OT] Re: hard links create local DoS vulnerability and security problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]