Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > muc.lists.netbsd.tech.security > #198
| From | Michael Richardson <mcr@sandelman.ca> |
|---|---|
| Newsgroups | muc.lists.netbsd.tech.security |
| Subject | Re: hardlinks to setuid binaries |
| Date | 2022-03-25 16:21 +0100 |
| Organization | Newsgate at muc.de e.V. |
| Message-ID | <59145.1648221715@dooku> (permalink) |
| References | <20220325133738.GS1131@netmeister.org> |
Jan Schaumann <jschauma@netmeister.org> wrote:
> Suppose you have a setuid /usr/pkg/bin/sudo from sudo version 1.8.11,
> which is vulnerable to CVE-2014-9680. You create a hardlink in your
> home directory, so you get setuid, owned by root, mode 511 '~/sudo'.
So, that would require that all pieces be on the same partition.
I would claim that /home should be mounted nosuid, and that it wasn't is
really the bug.
> On Linux, there appears to be a proc(5) restriction via
> /proc/sys/fs/protected_hardlinks making this impossible, but on NetBSD
> at least up to 9.2 this is possible.
> Any thoughts on this? Should there be a sysctl to disable this? This
> is not a new discovery; has this been discussed before?
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
Back to muc.lists.netbsd.tech.security | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-25 09:37 -0400
Re: hardlinks to setuid binaries Michael Richardson <mcr@sandelman.ca> - 2022-03-25 16:21 +0100
Re: hardlinks to setuid binaries "Jonathan A. Kollasch" <jakllsch@kollasch.net> - 2022-03-25 11:12 -0500
Re: hardlinks to setuid binaries George Georgalis <george@galis.org> - 2022-03-25 10:06 -0700
Re: hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-25 17:34 -0400
Re: hardlinks to setuid binaries Robert Elz <kre@munnari.OZ.AU> - 2022-03-26 04:42 +0700
Re: hardlinks to setuid binaries Brook Milligan <brook@nmsu.edu> - 2022-03-25 15:51 -0600
Re: hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-25 18:29 -0400
Re: hardlinks to setuid binaries Taylor R Campbell <campbell+netbsd-tech-security@mumble.net> - 2022-03-25 23:00 +0000
Re: hardlinks to setuid binaries David Sainty <david.sainty@gmail.com> - 2022-03-26 18:58 +1300
Re: hardlinks to setuid binaries Martin Husemann <martin@duskware.de> - 2022-03-26 07:05 +0100
Re: hardlinks to setuid binaries Simon Burge <simonb@NetBSD.org> - 2022-03-26 17:17 +1100
Re: hardlinks to setuid binaries Valery Ushakov <uwe@stderr.spb.ru> - 2022-03-26 17:47 +0300
Re: hardlinks to setuid binaries Taylor R Campbell <campbell+netbsd-tech-security@mumble.net> - 2022-03-26 11:19 +0000
Re: hardlinks to setuid binaries David Sainty <david.sainty@gmail.com> - 2022-03-27 00:45 +1300
Re: hardlinks to setuid binaries Jan Schaumann <jschauma@netmeister.org> - 2022-03-26 11:52 -0400
Re: hardlinks to setuid binaries Thor Lancelot Simon <tls@panix.com> - 2022-03-27 13:47 -0400
Re: hardlinks to setuid binaries Joerg Sonnenberger <joerg@bec.de> - 2022-03-27 22:08 +0200
re: hardlinks to setuid binaries matthew green <mrg@eterna.com.au> - 2022-03-28 23:42 +1100
Re: hardlinks to setuid binaries George Georgalis <george@galis.org> - 2022-03-30 18:00 -0700
Re: hardlinks to setuid binaries Michael Richardson <mcr@sandelman.ca> - 2022-03-31 12:58 -0400
Re: hardlinks to setuid binaries Steffen Nurpmeso <steffen@sdaoden.eu> - 2022-03-31 19:09 +0200
Re: hardlinks to setuid binaries George Georgalis <george@galis.org> - 2022-04-01 15:37 -0700
Re: hardlinks to setuid binaries Steffen Nurpmeso <steffen@sdaoden.eu> - 2022-04-02 01:21 +0200
Re: hardlinks to setuid binaries David Holland <dholland-security@netbsd.org> - 2022-03-28 20:35 +0000
Re: hardlinks to setuid binaries David Holland <dholland-security@netbsd.org> - 2022-03-27 23:22 +0000
csiph-web