LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Standards, the kernel, and Postfix

Standards, the kernel, and Postfix

Posted Aug 21, 2008 15:34 UTC (Thu) by mb (subscriber, #50428)
In reply to: Standards, the kernel, and Postfix by rwmj
Parent article: Standards, the kernel, and Postfix 

>>I find it a bit odd that a normal user can do things like this: ln /etc/shadow ~/myfile and
control where system files show up in the file system.
>
> Not just odd, but a security problem too. 

This is why the package manager tool, that replaces the application, should first remove all
read/write/exec permissions from the file before unlinking it. This way the hardlink won't be
usable by the attacker anymore, as he can't execute it anymore.
A call to revoke() might be needed, too, to close all currently open mmap(). I'm not sure on
that for regular files...

I don't know whether apt/rpm actually do this.

But udev, for example, uses this to avoid attacks on /dev files.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds