Tightening security: not for the impatient
Posted Jul 17, 2012 9:29 UTC (Tue) by nlucas (subscriber, #33793)
But I agree with you that it's a reasonable breakage.
Posted Jul 17, 2012 15:18 UTC (Tue) by nybble41 (subscriber, #55106)
Posted Jul 20, 2012 23:41 UTC (Fri) by mathstuf (subscriber, #69389)
Posted Jul 21, 2012 11:30 UTC (Sat) by anselm (subscriber, #2796)
Hard-linked files do share the same permissions – permissions are stored on the file's inode and hard links are just extra directory entries that point to the same inode.
Linux will not let you create a hard link to an executable file that is marked suid but doesn't belong to you. Making hard links to a file that you own yourself is fine regardless of whether that file is suid or not, and does not impinge on the suid status of the file.
Posted Jul 21, 2012 16:55 UTC (Sat) by mathstuf (subscriber, #69389)
Posted Jul 23, 2012 13:15 UTC (Mon) by nlucas (subscriber, #33793)
It's easy enough to build a busybox binary implementing only the suid utils (as is to not include the suid utils on the regular binary).
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds