Re: apt-get and The_User
On Sat 02 Dec 2000, Thomas Bushnell, BSG wrote:
>
> The standard example works something like this, supposing I can write
> the directory "foo":
>
> mkdir foo/{bin,etc}
> ln /bin/su foo/bin/su

I would consider the problem here to lie in the fact that any user can
link a setuid file. (I was most surprised when I discovered this;
I would have expected that I could not link a non-writable file that
doesn't have my UID as owner; after all, I'm changing things in the
file's inode (number of links).)
> The Hurd takes a different tack out: anybody can do chroot, but a
> setuid program always has a root directory of the real system root,
> not the one inherited from the parent.
Sounds good.
Paul Slootman
--
home: paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work: paul@murphy.nl http://www.murphy.nl/
debian: paul@debian.org http://www.debian.org/
isdn4linux: paul@isdn4linux.org http://www.isdn4linux.org/
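
An added example, not part of the original message: the extra link described above shows up in the inode's link count, so an audit can list set-uid/set-gid regular files that have more than one name. The function name `find_multilinked_setid` and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import defaultdict


def find_multilinked_setid(root):
    """Map (st_dev, st_ino) -> sorted paths for set-id regular files under
    root whose inode has more than one hard link."""
    hits = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable entry; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID) and st.st_nlink > 1:
                hits[(st.st_dev, st.st_ino)].append(path)
    return {key: sorted(paths) for key, paths in hits.items()}


def demo():
    """Constructed sample tree: a set-uid file we own, hard-linked into foo/bin,
    plus an ordinary multi-link file that must not be reported."""
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "sbin"))
        os.makedirs(os.path.join(top, "foo", "bin"))
        helper = os.path.join(top, "sbin", "helper")
        with open(helper, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(helper, 0o4755)  # set-uid bit on our own file; no root needed
        os.link(helper, os.path.join(top, "foo", "bin", "helper"))
        plain = os.path.join(top, "sbin", "plain")
        open(plain, "w").close()
        os.link(plain, os.path.join(top, "foo", "plain"))  # no set-id bit
        found = find_multilinked_setid(top)
        return [[os.path.relpath(p, top) for p in paths]
                for paths in found.values()]


if __name__ == "__main__":
    for group in demo():
        print(" == ".join(group))
```

Only names inside the scanned tree are listed; a set-id file reported with a single path still has another link somewhere outside `root` on the same filesystem.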