[32559] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: hard links on Linux create local DoS vulnerability and security

daemon@ATHENA.MIT.EDU (David F. Skoll)
Mon Nov 24 15:16:08 2003

Date: Mon, 24 Nov 2003 13:57:12 -0500 (EST)
From: "David F. Skoll" <dfs@roaringpenguin.com>
To: Bruno Lustosa <bruno@lustosa.net>
Cc: bugtraq@securityfocus.com
In-Reply-To: <20031124182537.GA20997@lustosa.net>
Message-ID: <Pine.LNX.4.58.0311241354310.10019@shishi.roaringpenguin.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Mon, 24 Nov 2003, Bruno Lustosa wrote:

> Just checked this on 2.6.0-test9, and it will not work.

[Keeping SUID bits by making a hard link.]

This is true even on ancient version of Linux and UNIX.

A hard link just contains a name and an inode number.  The permissions
are stored in the inode, so all hard links share the same permissions,
owner, etc.

--
David.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[32559] in bugtraq

Re: hard links on Linux create local DoS vulnerability and security

daemon@ATHENA.MIT.EDU (David F. Skoll)Mon Nov 24 15:16:08 2003

daemon@ATHENA.MIT.EDU (David F. Skoll)
Mon Nov 24 15:16:08 2003