tech-security archive


Re: hardlinks to setuid binaries



On Fri, Mar 25, 2022 at 09:37:38AM -0400, Jan Schaumann wrote:
> Any thoughts on this?  Should there be a sysctl to
> disable this?  This is not a new discovery; has this
> been discussed before?

The long-standing recommendation is to separate user-writeable
filesystems from system filesystems. It solves a number of different
"attack" vectors at the same time. If root is going to create suid
binaries in /tmp, they kind of asked for it to be abused.

IMO nothing should be done here.

Joerg
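
An audit for the separation recommended in the message above, as an added example that is not part of the original message or of any project's code. It relies on link(2) only working within one filesystem, so a setuid/setgid file is reachable by hard link only from directories with the same st_dev; the directory lists are assumed defaults to adjust locally.

```python
import os
import stat

# Assumed defaults (not from the original thread); adjust to the local layout.
SYSTEM_DIRS = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/libexec"]
WRITABLE_DIRS = ["/tmp", "/var/tmp", "/home"]


def setid_files(root):
    """Yield (path, stat) for setuid/setgid regular files under root, one filesystem only."""
    root_dev = os.stat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune subdirectories that live on another filesystem (like find -xdev).
        dirnames[:] = [d for d in dirnames
                       if os.lstat(os.path.join(dirpath, d)).st_dev == root_dev]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield path, st


def audit(system_dirs=SYSTEM_DIRS, writable_dirs=WRITABLE_DIRS):
    """Report each setuid/setgid file with the writable dirs that share its filesystem."""
    # Hard links cannot cross filesystems, so group writable dirs by device number.
    by_dev = {}
    for d in writable_dirs:
        if os.path.isdir(d):
            by_dev.setdefault(os.stat(d).st_dev, []).append(d)
    # Resolve symlinked roots (e.g. /bin -> usr/bin) so nothing is scanned twice.
    roots = sorted({os.path.realpath(r) for r in system_dirs if os.path.isdir(r)})
    findings = []
    for root in roots:
        for path, st in setid_files(root):
            findings.append({
                "path": path,
                "linkable_from": by_dev.get(st.st_dev, []),
                "nlink": st.st_nlink,  # > 1: another name for this inode already exists
            })
    return findings


if __name__ == "__main__":
    for f in audit():
        if f["linkable_from"] or f["nlink"] > 1:
            print(f["path"], "nlink=%d" % f["nlink"], "shares fs with:", f["linkable_from"])
```

An empty linkable_from for every entry means the system and user-writable filesystems are separated as recommended; nlink above 1 on a setuid file is worth tracing to its other names.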

