Bugtraq mailing list archives
Re: user flags in public temp space (was Re: chflags() [heads up])
From: hugh () CVS OPENBSD ORG (Hugh Graham)
Date: Fri, 6 Aug 1999 13:22:41 -0600
Brett Lymn writes:
> Ugh no - this would be a major lose as the idea of the flags was in part to make files immutable at certain security levels such that _even_root_ could not modify them. The idea being you could trojan proof your binaries by making them immutable (don't forget the directories themselves, kiddies). If you allow root to stomp an immutable file then you lose part of the value of chflags. Then again you could just rig the system to check your binaries against an md5 signature before running them which stops the trojans :-)
No, it seems everybody needs this explained. The issue is over the UF_IMMUTABLE and UF_APPEND flags, not their SF_ counterparts. USER flags may be added or removed at any time by either the user or root, therefore their protection in most circumstances could only be construed as advisory. The only caveat of letting root disregard these flags is that root loses the ability to temporarily mark a file as immutable while the system is running secure. IMHO no great loss. Again, user immutability and append only are for protecting users from each other, it's the system flags that are for protecting the system from root. Allowing users to trip root up this way just causes unexpected behaviour in code that assumes that if something failed, it was because root wanted it to.

/Hugh
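The distinction Hugh draws, as an added model that is not kernel code and not from the thread: user flags that owner or root may change at any time, system flags that only root may change and only while securelevel is 0, and the /tmp case where root's unlink runs into a user-set UF_IMMUTABLE. The `root_bypasses_uf` switch models the behaviour Hugh argues for; the constant and function names and the simplified checks are assumptions.

```c
/* Model of the BSD file-flag rules argued over in this thread (added example, not
   kernel code; names are ours). uid 0 is root; securelevel > 0 means "running secure". */
#include <errno.h>
#include <stdbool.h>

enum { UF_IMM = 1, UF_APP = 2, SF_IMM = 4, SF_APP = 8 };   /* user flags vs system flags */
#define UF_MASK (UF_IMM | UF_APP)
#define SF_MASK (SF_IMM | SF_APP)
struct file { unsigned flags, owner_uid; };

/* chflags(2)-style check, simplified: owner or root may change UF_ bits any time;
   SF_ bits only root, and only while securelevel <= 0. Returns 0 or an errno value. */
int model_chflags(struct file *f, unsigned uid, unsigned newflags, int securelevel) {
    if (uid != 0 && uid != f->owner_uid) return EPERM;
    if (((f->flags ^ newflags) & SF_MASK) && (uid != 0 || securelevel > 0)) return EPERM;
    f->flags = newflags;
    return 0;
}

/* unlink(2)/write check: immutable or append-only blocks everyone, root included.
   root_bypasses_uf = true is the change Hugh argues for: root ignores user flags. */
int model_unlink(const struct file *f, unsigned uid, bool root_bypasses_uf) {
    unsigned blocking = f->flags & (UF_MASK | SF_MASK);
    if (root_bypasses_uf && uid == 0) blocking &= ~UF_MASK;
    return blocking ? EPERM : 0;
}

/* The /tmp case: uid 1000 marks its file immutable, root's cleanup tries to unlink it.
   Returns the errno root sees under the chosen policy. */
int scenario_root_unlinks_user_immutable(bool root_bypasses_uf) {
    struct file f = { 0, 1000 };
    if (model_chflags(&f, 1000, UF_IMM, 1) != 0) return -1;   /* user flag: ok even at securelevel 1 */
    return model_unlink(&f, 0, root_bypasses_uf);
}

/* Under the current rules root must clear the user flag first; that always succeeds,
   so against root the user flag was only ever advisory. */
int scenario_root_clears_then_unlinks(void) {
    struct file f = { UF_IMM, 1000 };
    int err = model_chflags(&f, 0, 0, 1);
    return err ? err : model_unlink(&f, 0, false);
}

/* System flags are what bind root: once secure, not even root can clear SF_IMM. */
int scenario_root_clears_sf(int securelevel) {
    struct file f = { SF_IMM, 0 };
    return model_chflags(&f, 0, 0, securelevel);
}
```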