tech-security archive


Re: hardlinks to setuid binaries



On Fri, Mar 25, 2022 at 8:22 AM Michael Richardson <mcr%sandelman.ca@localhost> wrote:
>
> Jan Schaumann <jschauma%netmeister.org@localhost> wrote:
>     > Suppose you have a setuid /usr/pkg/bin/sudo from sudo version 1.8.11,
>     > which is vulnerable to CVE-2014-9680.  You create a hardlink in your
>     > home directory, so you get setuid, owned by root, mode 511 '~/sudo'.
>
> So, that would require that all pieces be on the same partition.
>
> I would claim that /home should be mounted nosuid, and that it wasn't is
> really the bug.

What a great observation! Around 2003, Debian root dev servers were
discovered compromised due to an old install, with vulnerable suid
binaries, mounted ro in a non-standard path, the old partitions were
retained as a bin, lib, etc backup. When the vulnerable binaries were
covertly exploited by a rogue developer, it was a mess for the OS.

I don't think it is necessary to mount user-writable partitions nosuid;
that would be problematic for various suid/sgid sandbox directories.
Using separate partitions for the administrative suid binaries and
user writable directories covers all the cases I can imagine?

-George


-- 
George Georgalis, (415) 894-2710, http://www.galis.org/
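An audit for the situation discussed in this thread, added here as an example and not code from any poster or from NetBSD: it lists set-id files that have a name outside the directories where they are expected (or more links than the scan found), and checks whether a user-writable directory shares a filesystem with a set-id directory. The function names and the `trusted_dirs` parameter are assumptions made for this example.

```python
import os
import stat
from collections import defaultdict

SETID = stat.S_ISUID | stat.S_ISGID

def setid_link_groups(roots):
    """Map (st_dev, st_ino) -> sorted names of each set-id regular file under roots."""
    groups = defaultdict(set)
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)          # lstat: never follow symlinks
                except OSError:
                    continue                     # vanished or unreadable
                if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                    groups[(st.st_dev, st.st_ino)].add(path)
    return {key: sorted(paths) for key, paths in groups.items()}

def extra_links(roots, trusted_dirs):
    """Report set-id inodes with a name outside trusted_dirs (hypothetical
    allow-list, e.g. the package bin directory) or with links the scan missed."""
    trusted = [os.path.realpath(d) + os.sep for d in trusted_dirs]
    findings = []
    for paths in setid_link_groups(roots).values():
        outside = [p for p in paths
                   if not any(os.path.realpath(p).startswith(t) for t in trusted)]
        nlink = os.lstat(paths[0]).st_nlink
        unseen = nlink - len(paths)              # names not under the scanned roots
        if outside or unseen > 0:
            findings.append({"paths": paths, "outside": outside,
                             "nlink": nlink, "unseen_links": unseen})
    return findings

def shares_filesystem(setid_dir, writable_dir):
    """Hard links cannot cross filesystems: a different st_dev rules them out,
    an equal st_dev means a link from writable_dir may be possible."""
    return os.stat(setid_dir).st_dev == os.stat(writable_dir).st_dev
```

A finding with `unseen_links` above zero means another name for that inode exists somewhere the scan did not cover, so upgrading or deleting the known path leaves the old set-id file reachable.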

