|
|
Subscribe / Log in / New account

Tightening security: not for the impatient

Tightening security: not for the impatient

Posted Jul 17, 2012 9:29 UTC (Tue) by nlucas (guest, #33793)
In reply to: Tightening security: not for the impatient by philomath
Parent article: Tightening security: not for the impatient

It might break current busybox installations. Multiple suid binaries are linked to the same binary.

But I agree with you that it's a reasonable breakage.

to post comments

Tightening security: not for the impatient

Posted Jul 17, 2012 15:18 UTC (Tue) by nybble41 (subscriber, #55106) [Link] (4 responses)

That should still work, so long as you create the links _before_ marking the binary as SUID. You could look at the reference count to ensure that there are no "rogue" links at that point. Once it's marked SUID, no new hard links could be created without first clearing the SUID bit.

Tightening security: not for the impatient

Posted Jul 20, 2012 23:41 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (3 responses)

I seem to have run across the problem that hardlinked files all shared the same permissions. Are the tests we ran for that missing something or is it just suid that is special?

Tightening security: not for the impatient

Posted Jul 21, 2012 11:30 UTC (Sat) by anselm (subscriber, #2796) [Link] (2 responses)

Hard-linked files do share the same permissions – permissions are stored on the file's inode and hard links are just extra directory entries that point to the same inode.

Linux will not let you create a hard link to an executable file that is marked suid but doesn't belong to you. Making hard links to a file that you own yourself is fine regardless of whether that file is suid or not, and does not impinge on the suid status of the file.

Tightening security: not for the impatient

Posted Jul 21, 2012 16:55 UTC (Sat) by mathstuf (subscriber, #69389) [Link] (1 responses)

Okay, so why make the binary SUID after hardlinking? Since that makes *every* one of those binaries SUID now. If it's something like toybox, I don't want sed to be SUID even if mount is hardlinked to it. Seems like there's a case for having a separate SUID instance that those programs link to.

Tightening security: not for the impatient

Posted Jul 23, 2012 13:15 UTC (Mon) by nlucas (guest, #33793) [Link]

The busybox project is well is aware of that and recomends a different busybox binary for suid and regular binaries.

It's easy enough to build a busybox binary implementing only the suid utils (as is to not include the suid utils on the regular binary).


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds