Re: again security proposal

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 29 Dec 1997 15:45:29 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: ANNOUNCE: Shared Memory File System"
Previous message: t0mmy: "Re: ANNOUNCE: Shared Memory File System"
In reply to: Yuri Kuzmenko: "again security proposal"
Next in thread: Yuri Kuzmenko: "Re: again security proposal"
Reply: Yuri Kuzmenko: "Re: again security proposal"

> user. Well known hardlink attack ($ ln /etc/passwd ~/.somestuff; # chown user
> /home/user -R; $ vi ~/.somestuff) now maybe done by any user. Any sysadmin

If it can be then its a bug in 2.1.x

[alan@diamondage alan]$ ln /etc/passwd ~/foom
[alan@diamondage alan]$ chmod 755 foom
chmod: foom: Operation not permitted
[alan@diamondage alan]$ chown alan foom
chown: foom: Operation not permitted

2.1

[alan@roadrunner anarchy]$ ln /etc/passwd /tmp/foom
[alan@roadrunner anarchy]$ chown alan /tmp/foom
chown: /tmp/foom: Operation not permitted

So I think you are seeing things

Next message: Alan Cox: "Re: ANNOUNCE: Shared Memory File System"
Previous message: t0mmy: "Re: ANNOUNCE: Shared Memory File System"
In reply to: Yuri Kuzmenko: "again security proposal"
Next in thread: Yuri Kuzmenko: "Re: again security proposal"
Reply: Yuri Kuzmenko: "Re: again security proposal"