turn the /etc/shadow argument on it's head

Posted Apr 27, 2006 15:59 UTC (Thu) by JoeBuck (subscriber, #2330)
In reply to: turn the /etc/shadow argument on it's head by dlang
Parent article: The AppArmor debate begins

I know only a little about SELinux, but I believe that you are incorrect. Programs that use /etc/shadow for password authorization can check the security label; if it is not set to the proper value, authorization can be made to fail. So if you manage to make /etc/shadow point to a new file, you only achieve denial-of-service: no one can log in.

But even if this check is not made, ordinary users can make a hard link to /etc/shadow if they have write access to a directory in the same filesystem as /etc. Ordinary users cannot make /etc/shadow point to a different file unless they have already cracked root. So you haven't quite turned the argument on its head: it is easier to add new names than to change what a name refers to.
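The distinction drawn in the comment above, between adding a new name for a file and changing what an existing name refers to, shown as an added example that is not part of the original thread. It works in a constructed temporary tree standing in for `/etc` and a user-writable directory; the file names `shadow`, `shadow.new` and `notes` and the helper names `identity`, `audit` and `demo` are assumptions made for the illustration.

```python
import os
import tempfile


def identity(path):
    """(device, inode) pair: the object a name refers to, whatever the name is."""
    st = os.lstat(path)
    return (st.st_dev, st.st_ino)


def audit(target, search_root):
    """Report the link count of target and every other name for it under search_root."""
    want = identity(target)
    aliases = []
    for dirpath, _dirs, files in os.walk(search_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if path != target and identity(path) == want:
                    aliases.append(os.path.relpath(path, search_root))
            except OSError:
                continue  # raced with a delete, or unreadable: skip it
    return {"nlink": os.lstat(target).st_nlink, "aliases": sorted(aliases)}


def demo():
    """Constructed tree standing in for /etc and a user-writable directory."""
    with tempfile.TemporaryDirectory() as root:
        etc, home = os.path.join(root, "etc"), os.path.join(root, "home")
        os.mkdir(etc)
        os.mkdir(home)
        shadow = os.path.join(etc, "shadow")
        with open(shadow, "w") as fh:
            fh.write("constructed-placeholder\n")
        before = audit(shadow, root)

        # Per the comment: a new name needs write access only to the new name's directory.
        alias = os.path.join(home, "notes")
        os.link(shadow, alias)
        linked = audit(shadow, root)

        # Changing what etc/shadow refers to needs write access to etc/ itself.
        old_id = identity(shadow)
        replacement = os.path.join(etc, "shadow.new")
        with open(replacement, "w") as fh:
            fh.write("constructed-replacement\n")
        os.replace(replacement, shadow)
        replaced = audit(shadow, root)
        return before, linked, replaced, identity(alias) == old_id


if __name__ == "__main__":
    for step in demo():
        print(step)
```

A link count above 1 on a sensitive file is the signal that another name exists somewhere on the same filesystem. On current Linux kernels the `fs.protected_hardlinks` sysctl, when enabled, refuses such links unless the caller owns the file or can read and write it.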


turn the /etc/shadow argument on it's head

Posted Apr 28, 2006 6:01 UTC (Fri) by dlang (✭ supporter ✭, #313)

And AppArmor only allows you to create a link to a file if you have permission to modify the file itself, so creating a new name isn't as trivial.

turn the /etc/shadow argument on it's head

Posted May 4, 2006 14:48 UTC (Thu) by anLWNreader (guest, #36915)

That would break POSIX. I hope AppArmor doesn't do that.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds