
Re: apt-get and The_User



On Sat 02 Dec 2000, Thomas Bushnell, BSG wrote:
> 
> The standard example works something like this, supposing I can write
> the directory "foo":
> 
> mkdir foo/{bin,etc}
> ln /bin/su foo/bin/su

I would consider the problem here to lie in the fact that any user can
link a setuid file. (I was most surprised when I discovered this;
I would have expected that I could not link a non-writable file that
doesn't have my UID as owner; after all, I'm changing things in the
file's inode (number of links).)

> The Hurd takes a different tack out: anybody can do chroot, but a
> setuid program always has a root directory of the real system root,
> not the one inherited from the parent.

Sounds good.


Paul Slootman
-- 
home:       paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work:       paul@murphy.nl       http://www.murphy.nl/
debian:     paul@debian.org      http://www.debian.org/
isdn4linux: paul@isdn4linux.org  http://www.isdn4linux.org/
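
An added example, not part of this message or the thread: a defensive audit that lists setuid files reachable under more than one name, which is the state the quoted `ln /bin/su foo/bin/su` step creates. The function names are this example's own; it also reads the Linux `fs.protected_hardlinks` sysctl, a later kernel setting that restricts hard links to files the caller does not own.

```python
import os
import stat
import sys


def find_linked_setuid(root):
    """Map (device, inode) -> {"nlink", "paths"} for setuid regular files
    under root that have more than one hard link."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            if st.st_nlink > 1:
                entry = hits.setdefault((st.st_dev, st.st_ino),
                                        {"nlink": st.st_nlink, "paths": []})
                entry["paths"].append(path)
    return hits


def names_outside(entry):
    """Hard links to this inode that exist outside the scanned tree."""
    return entry["nlink"] - len(entry["paths"])


def protected_hardlinks():
    """True/False from the Linux sysctl, None where it is unavailable."""
    try:
        with open("/proc/sys/fs/protected_hardlinks") as f:
            return f.read().strip() == "1"
    except OSError:
        return None


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    print("fs.protected_hardlinks enabled:", protected_hardlinks())
    for (dev, ino), entry in find_linked_setuid(root).items():
        print(f"dev={dev} inode={ino} links={entry['nlink']} "
              f"names outside {root}: {names_outside(entry)}")
        for p in sorted(entry["paths"]):
            print("   ", p)
```

A non-zero "names outside" count when scanning a system directory means another name for that setuid inode exists elsewhere on the same filesystem.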


