tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: hardlinks to setuid binaries
Jan Schaumann <jschauma%netmeister.org@localhost> wrote:
> Suppose you have a setuid /usr/pkg/bin/sudo from sudo version 1.8.11,
> which is vulnerable to CVE-2014-9680. You create a hardlink in your
> home directory, so you get setuid, owned by root, mode 511 '~/sudo'.
So, that would require that all pieces be on the same partition.
I would claim that /home should be mounted nosuid, and that it wasn't is
really the bug.
> On Linux, there appears to be a proc(5) restriction via
> /proc/sys/fs/protected_hardlinks making this impossible, but on NetBSD
> at least up to 9.2 this is possible.
> Any thoughts on this? Should there be a sysctl to disable this? This
> is not a new discovery; has this been discussed before?
Home |
Main Index |
Thread Index |
Old Index