tech-security archive


Re: hardlinks to setuid binaries



Jan Schaumann <jschauma%netmeister.org@localhost> wrote:
    > Suppose you have a setuid /usr/pkg/bin/sudo from sudo version 1.8.11,
    > which is vulnerable to CVE-2014-9680.  You create a hardlink in your
    > home directory, so you get setuid, owned by root, mode 511 '~/sudo'.

So, that would require that all pieces be on the same partition.

I would claim that /home should be mounted nosuid, and that it wasn't is
really the bug.

    > On Linux, there appears to be a proc(5) restriction via
    > /proc/sys/fs/protected_hardlinks making this impossible, but on NetBSD
    > at least up to 9.2 this is possible.

    > Any thoughts on this?  Should there be a sysctl to disable this?  This
    > is not a new discovery; has this been discussed before?
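
The following audit is an added example, not part of the original thread: it walks a directory tree and lists setuid/setgid regular files that have more than one hard link, grouped by inode, so that a leftover link such as the `~/sudo` case described above shows up next to the packaged binary. The function names `find_suid_hardlinks` and `report` are assumptions made for illustration.

```python
import os
import stat
from collections import defaultdict

SUID_SGID = stat.S_ISUID | stat.S_ISGID


def find_suid_hardlinks(root):
    """Return {(dev, ino): {"nlink", "uid", "mode", "paths"}} for every
    setuid/setgid regular file under root whose link count exceeds 1."""
    found = defaultdict(lambda: {"paths": []})
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & SUID_SGID and st.st_nlink > 1:
                # All names of one file share (device, inode).
                entry = found[(st.st_dev, st.st_ino)]
                entry.update(nlink=st.st_nlink, uid=st.st_uid,
                             mode=stat.S_IMODE(st.st_mode))
                entry["paths"].append(path)
    return dict(found)


def report(root):
    """One line per inode; note links that exist outside the scanned tree."""
    lines = []
    for (_dev, ino), e in sorted(find_suid_hardlinks(root).items()):
        missing = e["nlink"] - len(e["paths"])
        note = f" ({missing} link(s) outside {root})" if missing > 0 else ""
        lines.append(f"inode {ino} uid {e['uid']} mode {e['mode']:o} "
                     f"links {e['nlink']}{note}: "
                     + ", ".join(sorted(e["paths"])))
    return lines


if __name__ == "__main__":
    import sys
    for line in report(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(line)
```

Run it against the mount point that holds both the package tree and the home directories; a reported link count higher than the number of paths found means another name for the same inode exists outside the scanned tree.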



