Re: hardlinks.... sucks... ;-(

Pavel Machek (pavel@elf.ucw.cz)
Thu, 1 Jan 1998 20:31:59 +0100


> No, you are not right ;-( There is an old Unix hole and you know it. And it's
> a kernel vfs issue. In general, this is a *huge* hole. A novice in the
> sysadmin's world can do this "not kernel issue":
>
> user$ ln /etc/passwd ~/.some
> root# chown newuser /home/user -R
>
> This is only common example. And this is a *serious* security bug.

No. You just need a tool other than chown, you need a tool that changes
uid->uid. And you run it as chown -from olduser -to newuser -R /,
which looks for all files owned by olduser and makes newuser own
them. Just go ahead and write this tool. (And mail me a copy ;-). (I
would also appreciate an option to delete such files).

Pavel

-- 
I'm really pavel@atrey.karlin.mff.cuni.cz. 	   Pavel
Look at http://atrey.karlin.mff.cuni.cz/~pavel/ ;-).
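
A sketch of the uid->uid tool described in the reply above, as an added example that is not part of the original thread. The function name `reown_tree` and its dry-run default are assumptions made for illustration; it re-owns only entries that `old_uid` owns, so a hard link to someone else's file is listed and left alone.

```python
import os
import sys


def reown_tree(root, old_uid, new_uid, apply=False):
    """Re-own entries below root that old_uid owns (root itself is not touched).

    Returns (changed, foreign): paths that were (or, with apply=False, would
    be) given to new_uid, and paths owned by someone else that are skipped.
    """
    changed, foreign = [], []
    # fwalk supplies a directory fd, so every name is resolved relative to the
    # directory actually being walked, and symlinks are never followed.
    for dirpath, dirnames, filenames, dirfd in os.fwalk(root, follow_symlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.stat(name, dir_fd=dirfd, follow_symlinks=False)
            if st.st_uid != old_uid:
                # e.g. ~/.some hard-linked to /etc/passwd: same inode as the
                # original, still owned by root, so it must not change hands.
                foreign.append(path)
                continue
            if apply:
                # Assumption: old_uid cannot modify the tree while this runs;
                # stat followed by chown on a name is not atomic.
                os.chown(name, new_uid, -1, dir_fd=dirfd, follow_symlinks=False)
            changed.append(path)
    return sorted(changed), sorted(foreign)


if __name__ == "__main__":
    # Usage: reown.py ROOT OLD_UID NEW_UID [--apply]; dry run unless --apply.
    root, old, new = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    done, skipped = reown_tree(root, old, new, apply="--apply" in sys.argv[4:])
    for p in done:
        print("chown", new, p)
    for p in skipped:
        print("skip (not owned by %d)" % old, p)
```

The `foreign` list is also the input an administrator would review for the delete option mentioned in the reply. GNU chown's `--from=` option applies the same current-owner filter.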