Full Disclosure mailing list archives
Re: hard links on Linux create local DoS vulnerability and security problems
From: Casper Dik <casper () holland sun com>
Date: Mon, 24 Nov 2003 19:19:40 +0100
on Linux it is possible for any user to create a hard link to a file belonging to another user.Only if they can write to some directory on the same partition.Furthermore, users can even create links to a setuid binary.Only if it's on the same partition. This is just one of a huge number of reasons you shouldn't allow users to write to your root or /usr partitions. I think that your observation of the ability to keep a security hole open is very interesting, but, fortunately, it should be moot.
Many (older) recipies for replacing set-uid binaries consisted of: mv /usr/bin/buggy /usr/bin/buggy.old chmod 0 /usr/bin/buggy.old so it's certainly possible to work around that problem.
I think that this is too drastic a change to the semantics of the unix filesystem. Except for the kludge around the sticky bit, nothing about creation and deletion of files (links) depends upon the permissions on the file itself, just on the enclosing directory.
But it can't be denied that hard links to files one doesn't own pose some interesting challenges; not just in the scope of quotas but also when it comes to actions users cannot undo (such as making many links to files belonging to other users in /tmp)
If you can check whether this problem also exists on other unix-like operating systems, please post the results.It certainly does. This is part of the original design of the unix filesystem. Creating a link requires write access to the directory you're creating it in, not to the file you're linking to. I think that if a user creates a bunch of hard links to someone else's temporary files, the evidence should point to the original user, on a typical well-maintained unix system. The link to setuid programs is more of concern except that it won't be able to happen unless you have setuid-root programs in a home directory partition, which sounds bad anyway.
And you can easily work around it when replacing executables. Casper _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: hard links on Linux create local DoS vulnerability and security problems, (continued)
- Re: hard links on Linux create local DoS vulnerability and security problems vb (Nov 25)
- Message not available
- Re: hard links on Linux create local DoS vulnerability and security problems Steven Leikeim (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Jakob Lell (Nov 24)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Jeremiah Cornelius (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Peter Busser (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Kurt Seifried (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Michal Zalewski (Nov 26)
- Re: Re: hard links on Linux create local DoS vulnerability and security problems Christopher Allene (Nov 26)
- Re: hard links on Linux create local DoS vulnerability and security problems Alan J Rosenthal (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Casper Dik (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Carl Ekman (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Trent Petrasek (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems Seth Breidbart (Nov 24)
- Re: hard links on Linux create local DoS vulnerability and security problems I.R.van Dongen (Nov 25)
- Re: hard links on Linux create local DoS vulnerability and security problems Bob Beck (Nov 25)