>>I find it a bit odd that a normal user can do things like this: ln /etc/shadow ~/myfile and control where system files show up in the file system.
>
> Not just odd, but a security problem too.

This is why the package manager tool, that replaces the application, should first remove all read/write/exec permissions from the file before unlinking it. This way the hardlink won't be usable by the attacker anymore, as he can't execute it anymore. A call to revoke() might be needed, too, to close all currently open mmap(). I'm not sure on that for regular files... I don't know whether apt/rpm actually do this. But udev, for example, uses this to avoid attacks on /dev files.
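
The chmod-before-unlink step described in the comment above, as an added example that is not part of the original comment and not code from apt, rpm or udev. The function name `retire_and_replace`, the file names and the file contents are hypothetical; the demo runs in a temporary directory and shows that mode bits live in the inode, so a stray hard link to the old file loses them too.

```python
import os
import stat
import tempfile

def retire_and_replace(path, new_bytes, mode=0o755):
    """Replace `path`, stripping every mode bit from the old inode first.
    Returns how many hard links to the old inode exist besides `path`."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file: " + path)
        extra_links = st.st_nlink - 1   # >0 means someone else links the inode
        os.fchmod(fd, 0)                # clears rwx and setuid/setgid for all links
    finally:
        os.close(fd)
    # Descriptors and mappings opened before this point are not affected.
    os.unlink(path)
    tmp = path + ".new"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(new_bytes)
        os.fchmod(f.fileno(), mode)
    os.rename(tmp, path)                # new inode appears under the old name
    return extra_links

def demo():
    """Constructed scenario: an old setuid-style file with one stray hard link."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "tool")
        stash = os.path.join(d, "stash")   # stands in for the user's hard link
        with open(target, "wb") as f:
            f.write(b"old build\n")
        os.chmod(target, 0o4755)
        os.link(target, stash)
        extra = retire_and_replace(target, b"fixed build\n")
        old, new = os.stat(stash), os.stat(target)
        return (extra, stat.S_IMODE(old.st_mode),
                stat.S_IMODE(new.st_mode), old.st_ino != new.st_ino)

if __name__ == "__main__":
    print(demo())
```

The link count returned by `retire_and_replace` doubles as a detection signal: a nonzero value for a file the package manager installed means something else on the same filesystem links to it.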
Copyright © 2017, Eklektix, Inc.