tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: hardlinks to setuid binaries

To: Taylor R Campbell <campbell+netbsd-tech-security%mumble.net@localhost>
Subject: Re: hardlinks to setuid binaries
From: Martin Husemann <martin%duskware.de@localhost>
Date: Sat, 26 Mar 2022 07:05:04 +0100

On Fri, Mar 25, 2022 at 11:00:35PM +0000, Taylor R Campbell wrote:
> A heavier hammer, not requiring changes to pkg_delete or anything,
> would be to prohibit creating hard links to files with suid/sgid bits,
> and to prohibit setting the suid/sgid bits on files with >1 link.

Instead of prohibitting those, we could require them to be done by the suid
owner or root.

Martin

Follow-Ups:
- Re: hardlinks to setuid binaries
  - From: Valery Ushakov
- Re: hardlinks to setuid binaries
  - From: Simon Burge

References:
- Re: hardlinks to setuid binaries
  - From: Jan Schaumann
- Re: hardlinks to setuid binaries
  - From: Taylor R Campbell

Prev by Date: Re: hardlinks to setuid binaries
Next by Date: Re: hardlinks to setuid binaries
Previous by Thread: Re: hardlinks to setuid binaries
Next by Thread: Re: hardlinks to setuid binaries
Indexes:

Home | Main Index | Thread Index | Old Index