Re: hardlinks to setuid binaries

To: tech-security%netbsd.org@localhost
Subject: Re: hardlinks to setuid binaries
From: David Holland <dholland-security%netbsd.org@localhost>
Date: Mon, 28 Mar 2022 20:35:10 +0000

On Mon, Mar 28, 2022 at 11:42:31PM +1100, matthew green wrote:
 > i don't see the benefit of a special mode/flag on a subdir to 
 > allow this.  as a normal user, i can create setuid to me and
 > i think that's a fine think to allow.

You could imagine two flags, one for root and one settable by users
that allows a directory to contain objects setuid to the directory
owner or setgid to the directory group. (like the two immutable flags)

It's more obviously useful for device nodes, since the only times when
device nodes belong anywhere except /dev (and a chroot tree's /dev)
are very specific arrangements established explicitly by the sysadmin.

Plenty of compat issues to figure out before trying to deploy either,
though.

(though I don't see where even the setuid flag interferes with
updating base and in pkgsrc it'll only interfere with the small number
of packages that build in destdir but not user-destdir mode)

-- 
David A. Holland
dholland%netbsd.org@localhost

Follow-Ups:
- Re: hardlinks to setuid binaries
  - From: George Georgalis

References:
- Re: hardlinks to setuid binaries
  - From: Joerg Sonnenberger
- re: hardlinks to setuid binaries
  - From: matthew green

Prev by Date: re: hardlinks to setuid binaries
Next by Date: Re: hardlinks to setuid binaries
Previous by Thread: re: hardlinks to setuid binaries
Next by Thread: Re: hardlinks to setuid binaries
Indexes:

Home | Main Index | Thread Index | Old Index