On Wed, 18 Feb 2004 23:59, Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]> 
> On Wed, Feb 18, 2004 at 11:05:30AM +0100, Richard Atterer wrote:
> > Waaaaaah, SCARY!
> >
> > Users can create hard links to arbitrary files in that directory, e.g.
> > links to other users' private files or to /etc/shadow, and automatically
> > get read access to those files.
> That is, of course, if the partitions in the system have not been set up
> properly. I assumed they were ok, he _did_ say that he was changing file
> permissions and owners manually.

Regardless, you will still have the same problem if a user creates hard links 
to files owned by another user (presuming that you don't have a mount point 
per user or a file system such as NFS that doesn't support hard-links).

As I recall this entire discussion started with users who didn't know how to 
manage their own permissions, so presumably they make their home dir mode 755 
or worse on occasion...

Even if the users' home dirs are mode 711 (fairly common when web servers and 
other daemons want to read sub-dirs of the user's home dir) that will still 
allow hard links to known files such as ~/.login, ~/.bashrc, etc.  Take over 
one of those files and taking over the entire account becomes trivial.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
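
Added example, not part of the original message: a pre-flight check an administrator could run before changing owners or permissions in a directory users can write to. It flags regular files that have more than one hard link, or an unexpected owner. The names find_hardlink_risks and demo, and the directory layout in demo, are constructed for illustration.

```python
import os
import stat
import tempfile


def find_hardlink_risks(root, expected_uid):
    """Return (path, reason) for entries a recursive chown/chmod should skip."""
    risks = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                # Another name for this inode exists, possibly outside root,
                # so changing its mode or owner here changes it there too.
                risks.append((path, "nlink=%d" % st.st_nlink))
            elif st.st_uid != expected_uid:
                risks.append((path, "owner uid=%d" % st.st_uid))
    return sorted(risks)


def demo():
    """Constructed layout: 'victim' holds a private file, 'shared' is the
    directory whose contents an admin is about to chown/chmod."""
    with tempfile.TemporaryDirectory() as base:
        victim = os.path.join(base, "victim")
        shared = os.path.join(base, "shared")
        os.mkdir(victim)
        os.mkdir(shared)
        secret = os.path.join(victim, ".bashrc")
        with open(secret, "w") as fh:
            fh.write("# private\n")
        with open(os.path.join(shared, "notes.txt"), "w") as fh:
            fh.write("ordinary file\n")
        # Second name for the victim's inode inside the shared directory.
        os.link(secret, os.path.join(shared, "innocent"))
        found = find_hardlink_risks(shared, os.getuid())
        return [(os.path.relpath(p, shared), why) for p, why in found]


if __name__ == "__main__":
    for rel, why in demo():
        print(rel, why)
```

Anything it reports should be inspected by hand rather than passed to a recursive chown or chmod.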
