Re: any user can make hard links in Unix
Subject: Re: any user can make hard links in Unix
From: Antonomasia (ant NOTATLA.DEMON.CO.UK)
Date: Wed Dec 22 1999 - 20:01:32 CST
Eilert Brinkmann <eilert INFORMATIK.UNI-BREMEN.DE> writes:
> It may be a good idea to permit only the owner of a file to hard link
> it. I don't know if this change will break anything, but at the moment
> I don't see any reason why users should be able to create hard links
> to files they don't own. Usually symlinks should do it. However, this
> would require a change in the kernel (should be easy to do).
Solar Designer's patch covers this (from false.com). README says:
: Restricted links in /tmp
: --------------------------
:
: I've also added a link-in-/tmp security fix, originally by Andrew Tridgell.
: I changed it to prevent from using hard links too, by not allowing non-root
: users to create hard links to files they don't own. This seems to be the
: desired behavior anyway, since otherwise users couldn't remove such links
: they just created in a +t directory. I also added exploit attempt logging.
The only snag I've found with this is that making hard links to files owned
by another user is desirable for locking, as indicated in man open(2) in
the section on O_EXCL.
--
##############################################################
# Antonomasia   antnotatla.demon.co.uk                       #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
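
The link(2)-based lock that open(2) describes under O_EXCL, which the message above refers to, written out as an added example (not code from the original post or from Solar Designer's patch). The function names and the lock file name are hypothetical, and the scratch file is named from the PID only.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Take `lockpath` with the link(2) idiom from open(2).
 * Returns 0 if the lock was taken, 1 if already held, -1 on error. */
int link_lock(const char *lockpath)
{
    char uniq[4096];
    struct stat st;
    int fd, n, result;

    /* Scratch name beside the lock, so both share a filesystem.
     * open(2) suggests hostname and PID; this sketch uses the PID only. */
    n = snprintf(uniq, sizeof uniq, "%s.%ld", lockpath, (long)getpid());
    if (n < 0 || (size_t)n >= sizeof uniq)
        return -1;

    /* The caller creates, and so owns, the file it is about to link. */
    fd = open(uniq, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    if (link(uniq, lockpath) == 0)
        result = 0;                 /* atomic: the lock is ours */
    else if (fstat(fd, &st) == 0)
        /* link() can report failure over NFS although it worked;
         * a link count of 2 means the lock name points at our file. */
        result = (st.st_nlink == 2) ? 0 : 1;
    else
        result = -1;
    close(fd);
    unlink(uniq);                   /* the lock name keeps the inode alive */
    return result;
}

/* Release the lock by removing its name. */
int link_unlock(const char *lockpath)
{
    return unlink(lockpath);
}

int main(void)
{
    printf("first attempt:  %d\n", link_lock("demo.lock"));  /* hypothetical name */
    printf("second attempt: %d\n", link_lock("demo.lock"));
    return link_unlock("demo.lock") == 0 ? 0 : 1;
}
```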
This archive was generated by hypermail 2b27 : Wed Dec 22 1999 - 21:17:41 CST