[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cp, ln, mv, install: check for vulnerable target directories
From: |
Kaz Kylheku (Coreutils) |
Subject: |
Re: cp, ln, mv, install: check for vulnerable target directories |
Date: |
Thu, 21 Sep 2017 09:18:38 -0700 |
User-agent: |
Roundcube Webmail/0.9.2 |
On 20.09.2017 18:59, Paul Eggert wrote:
Kaz Kylheku (Coreutils) wrote:
Instead of checking for what *could* go wrong, why not defend more
specifically against signs that the attack might be actually
happening.
That's what the patch is trying to do, though it looks like it should
be improved.
There is a simple operating system fix for this: do not allow processes
to create symlinks in directories to which they only have write accesses
via
S_IWOTH.
More precisely, the proposal is that if a process want to create a
symlink,
then it either has to be root, or else the owner of the directory with
S_IWUSR
asserted on the directory, or else the group owner (directly or via a
supplementary GID) with S_IWGRP asserted. For the purposes of creating
a
symlink, the directory is treated as if S_IWOTH is false, even if set.
The main use case for shared writable directories is /tmp and "spool"
directories.
I can't think of a legit reason to be creating symlinks in those
directories,
only subdirectories (in which the creator then make symlinks),
regular files, and some special objects like sockets.
A symlink in a shared writable directory is nothing more than a "name
squatting"
trap. Ergo, don't allow that. Or else, the responsibility for defense
then
spreads all over the system, such as into basic utilities!
- cp, ln, mv, install: check for vulnerable target directories, Paul Eggert, 2017/09/19
- Re: cp, ln, mv, install: check for vulnerable target directories, Pádraig Brady, 2017/09/20
- Re: cp, ln, mv, install: check for vulnerable target directories, Bernhard Voelker, 2017/09/20
- Re: cp, ln, mv, install: check for vulnerable target directories, Paul Eggert, 2017/09/20
- Re: cp, ln, mv, install: check for vulnerable target directories, Kaz Kylheku (Coreutils), 2017/09/20
- Re: cp, ln, mv, install: check for vulnerable target directories, Paul Eggert, 2017/09/20
- Re: cp, ln, mv, install: check for vulnerable target directories,
Kaz Kylheku (Coreutils) <=
- Re: cp, ln, mv, install: check for vulnerable target directories, Kaz Kylheku (Coreutils), 2017/09/21
- Re: cp, ln, mv, install: check for vulnerable target directories, Kaz Kylheku (Coreutils), 2017/09/21
- Re: cp, ln, mv, install: check for vulnerable target directories, Paul Eggert, 2017/09/21
- Re: cp, ln, mv, install: check for vulnerable target directories, Paul Eggert, 2017/09/25
Re: cp, ln, mv, install: check for vulnerable target directories, Kaz Kylheku (Coreutils), 2017/09/20
- Prev by Date:
Re: cp, ln, mv, install: check for vulnerable target directories
- Next by Date:
Re: cp, ln, mv, install: check for vulnerable target directories
- Previous by thread:
Re: cp, ln, mv, install: check for vulnerable target directories
- Next by thread:
Re: cp, ln, mv, install: check for vulnerable target directories
- Index(es):