Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > muc.lists.netbsd.tech.security > #213

Re: hardlinks to setuid binaries

From Thor Lancelot Simon <tls@panix.com>
Newsgroups muc.lists.netbsd.tech.security
Subject Re: hardlinks to setuid binaries
Date 2022-03-27 13:47 -0400
Organization Newsgate at muc.de e.V.
Message-ID <YkCjQDLTxGGGVcb6@panix.com> (permalink)
References <20220326111922.8A7B960A38@jupiter.mumble.net> <20220325133738.GS1131@netmeister.org>

Show all headers | View raw

On Sat, Mar 26, 2022 at 11:19:22AM +0000, Taylor R Campbell wrote:
> 
> 3. [least restrictive I could think of to prevent this attack] Either:
>    (a) If suid, caller must own file.
>    (b) If sgid, caller must be in group.

I believe, based on some past experience with this along the way to the
conclusion that, practically, my device runtime simply needed to have
multiple filesystems and enforce W^X through the expedient of mounting
all writable filesystems noexec, that  you may want to enforce the
owner/group condition on hard links to device nodes as well.

If we could enforce restrictions on filesystem subtrees, generally,
it would be possible to enforce nosuid on link targets writable by non-root
users, and call it a day.  But really, "is cwd below directory 'D'" is not
an easy thing to do in our kernel, more's the shame.

Even better, imagine requiring an attribute to be set on a directory
in order to _allow_ it to contain setuid executables.  Or device nodes.
Wouldn't that, in general, be safer and better than trying to decide all
the places where such things should _not_ be allowed?

Thor

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de

Back to muc.lists.netbsd.tech.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-25 09:37 -0400
  Re: hardlinks to setuid binaries Michael Richardson <mcr@sandelman.ca> - 2022-03-25 16:21 +0100
    Re: hardlinks to setuid binaries "Jonathan A. Kollasch" <jakllsch@kollasch.net> - 2022-03-25 11:12 -0500
    Re: hardlinks to setuid binaries George Georgalis <george@galis.org> - 2022-03-25 10:06 -0700
  Re: hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-25 17:34 -0400
  Re: hardlinks to setuid binaries Robert Elz <kre@munnari.OZ.AU> - 2022-03-26 04:42 +0700
    Re: hardlinks to setuid binaries Brook Milligan <brook@nmsu.edu> - 2022-03-25 15:51 -0600
    Re: hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-25 18:29 -0400
      Re: hardlinks to setuid binaries Taylor R Campbell <campbell+netbsd-tech-security@mumble.net> - 2022-03-25 23:00 +0000
        Re: hardlinks to setuid binaries David Sainty <david.sainty@gmail.com> - 2022-03-26 18:58 +1300
        Re: hardlinks to setuid binaries Martin Husemann <martin@duskware.de> - 2022-03-26 07:05 +0100
          Re: hardlinks to setuid binaries Simon Burge <simonb@NetBSD.org> - 2022-03-26 17:17 +1100
          Re: hardlinks to setuid binaries Valery Ushakov <uwe@stderr.spb.ru> - 2022-03-26 17:47 +0300
  Re: hardlinks to setuid binaries Taylor R Campbell <campbell+netbsd-tech-security@mumble.net> - 2022-03-26 11:19 +0000
  Re: hardlinks to setuid binaries David Sainty <david.sainty@gmail.com> - 2022-03-27 00:45 +1300
  Re: hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-26 11:52 -0400
  Re: hardlinks to setuid binaries Thor Lancelot Simon <tls@panix.com> - 2022-03-27 13:47 -0400
  Re: hardlinks to setuid binaries Joerg Sonnenberger <joerg@bec.de> - 2022-03-27 22:08 +0200
    re: hardlinks to setuid binaries matthew green <mrg@eterna.com.au> - 2022-03-28 23:42 +1100
      Re: hardlinks to setuid binaries George Georgalis <george@galis.org> - 2022-03-30 18:00 -0700
        Re: hardlinks to setuid binaries Michael Richardson <mcr@sandelman.ca> - 2022-03-31 12:58 -0400
          Re: hardlinks to setuid binaries Steffen Nurpmeso <steffen@sdaoden.eu> - 2022-03-31 19:09 +0200
            Re: hardlinks to setuid binaries George Georgalis <george@galis.org> - 2022-04-01 15:37 -0700
              Re: hardlinks to setuid binaries Steffen Nurpmeso <steffen@sdaoden.eu> - 2022-04-02 01:21 +0200
    Re: hardlinks to setuid binaries David Holland <dholland-security@netbsd.org> - 2022-03-28 20:35 +0000
  Re: hardlinks to setuid binaries David Holland <dholland-security@netbsd.org> - 2022-03-27 23:22 +0000

csiph-web