Re: Program-invoking Symbolic Links?

From: Måns Rullgård
Date: Thu Aug 05 2004 - 13:43:43 EST


viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx writes:

> On Thu, Aug 05, 2004 at 07:34:42PM +0200, Måns Rullgård wrote:
>> > ~luser/foo => "cp /bin/sh /tmp/...; chmod 4777 /tmp/...; cat ~luser/foo.real"
>> >
>> > Any questions?
>>
>> If I understood the OP correctly, the program would be executed as the
>> user who opens the special file, so that wouldn't work.
>
> Yes, it would. Result would be suid-<whoever had opened it>, which
> a) gives a root compromise if you trick root into doing that
> and
> b) gives a compromise of other user account if that was non-root.

Of course you're right.

> Opening a file does *not* result in execution of attacker-supplied
> program with privileges of victim. Breaking that warranty opens a
> fsck-knows-how-many holes.

Just look at msoutlook.

--
Måns Rullgård
mru@xxxxxx