> as a normal user, the system lets me do this:
>
> ln /etc/shadow /tmp/testfile
>
> it then creates testfile with the same permissions and ownership as
> /etc/shadow, thus I still cannot read it, but should it really be letting
> me do this? Also, after I create the file, I cannot remove it (since I do
> not own it). Should it really be doing this?
I think this was discussed a few months ago, and some unofficial patches
were bounced around. IMO, this sort of hard linking should not be
allowed. Consider the following:
You have sendmail 8.6.x or 8.7.x (aka sendroot). It's suid. You didn't
bother partitioning and have /tmp or /home or /var on the same partition
as /usr, and some luser hard links sendmail to BitchX in some dir they
have write access to. A security bulletin comes out that sendmail
8.whatever has a root compromise (big surprise) and you quickly upgrade
and rm that evil old sendmail. The user now has a suid copy of his own to
exploit...unless you chmoded the old one before rm'ing it.
Of course, most servers probably have several configuration related
reasons that the above would fail (logical partitioning, sane mount
options), but why should users be able to hardlink files they don't own?
------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
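The scenario Jon describes, reproduced in a throwaway directory, as an added example that is not part of his post or the quoted message: a setuid file, a hard link to it made by an unprivileged user, the admin's rm, and what survives, followed by a find(1) audit for setuid/setgid files that have more than one name. The directory names usr_sbin and tmp and the file names sendmail and BitchX are stand-ins under mktemp; the script works on the caller's own files, since any user can set the setuid bit on a file they own, and the link-count behaviour is the same for a root-owned binary. It assumes a POSIX sh with ls, find, ln, chmod and mktemp.

```shell
#!/bin/sh
# Added example (not from the original post). Reproduces the hard-link
# scenario in a sandbox directory and shows the chmod-before-rm fix and a
# find(1) audit. Runs as an unprivileged user on files it owns; the
# link-count behaviour is identical for root-owned setuid binaries.
set -u

mode_of() {            # first 10 chars of ls -l: file type + permission bits
    ls -l "$1" | cut -c1-10
}

make_sandbox() {       # /usr/sbin and /tmp stand-ins on ONE filesystem
    d=$(mktemp -d) || exit 1
    mkdir "$d/usr_sbin" "$d/tmp"
    printf '#!/bin/sh\necho old sendmail\n' > "$d/usr_sbin/sendmail"
    chmod 4755 "$d/usr_sbin/sendmail"          # the "sendroot" binary, suid
    ln "$d/usr_sbin/sendmail" "$d/tmp/BitchX"  # the user's hard link to it
    echo "$d"
}

# Admin upgrades and just rm's the old binary: the inode, with its setuid
# bit, lives on under the user's name. Prints the mode that survives.
demo_rm_only() {
    d=$(make_sandbox)
    rm "$d/usr_sbin/sendmail"
    mode_of "$d/tmp/BitchX"
    rm -rf "$d"
}

# Admin chmods before rm'ing: a hard link is the same inode, so the setuid
# bit disappears from every name at once. Prints the mode the user keeps.
demo_chmod_then_rm() {
    d=$(make_sandbox)
    chmod 0755 "$d/usr_sbin/sendmail"
    rm "$d/usr_sbin/sendmail"
    mode_of "$d/tmp/BitchX"
    rm -rf "$d"
}

# Audit: setuid or setgid regular files with more than one link, staying on
# one filesystem (-xdev) because a hard link cannot cross filesystems.
# Every name of such an inode is printed, so the stray copy shows up too.
audit_hardlinked_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -links +1 -print
}

# Number of paths the audit flags in the sandbox: both names of the one inode.
demo_audit_count() {
    d=$(make_sandbox)
    audit_hardlinked_setuid "$d" | wc -l | tr -d ' '
    rm -rf "$d"
}

if [ "${1:-}" = "run" ]; then
    echo "rm only:        $(demo_rm_only)"        # -rwsr-xr-x
    echo "chmod then rm:  $(demo_chmod_then_rm)"  # -rwxr-xr-x
    echo "audit hits:     $(demo_audit_count)"    # 2
fi
```

Run it with `sh script.sh run`. The audit is the check to add to an upgrade procedure: run `audit_hardlinked_setuid /` (or per mount point) before removing an old setuid binary, and chmod the old copy first in any case, since that strips the bit from every link. On Linux kernels from 3.6 on, the sysctl `fs.protected_hardlinks=1` makes the `ln /etc/shadow /tmp/testfile` in the quoted message fail for a user who does not own the target, which is the behaviour Jon argues for.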