
Re: RFD: use transient /var/run (tmpfs) or not?

On Sat, 25 Sep 2004 01:33, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
> > If an attacker knows of a security hole in one of the daemons that
> > starts early in the boot sequence they could make it create files or
> > directories of the names that match those which are used by daemons
> > started later in the boot sequence.
> Pardon me, but: if /var/run is writable only by root (it should),
> no attacker without root privileges is able to create a subdirectory in it.

If subdirectories are not used and /var/run is writable only with full admin 
privs (it should not) then every process that writes to it must have such 
privs.  That generally means that every daemon starts executing as root.  
This is not desirable as a daemon that gets exploited before it drops privs 
or which has a bug in the code to drop privs (both of which have happened in 
the past) will grant an attacker full access to the system.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
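
An added example, not part of the original message: the boot-time step the subdirectory approach implies, in which root-run init code creates a per-daemon directory under /var/run, hands it to the daemon's unprivileged account, and refuses any entry already sitting under that name that it cannot trust. The helper `prepare_run_dir`, the `UnsafeRunDir` exception and the daemon name `exampled` are hypothetical.

```python
import os
import tempfile

class UnsafeRunDir(Exception):
    """Something untrusted already occupies the daemon's name."""

def prepare_run_dir(base, name, uid, gid, mode=0o755):
    """Root-run boot step: give daemon uid:gid its own directory base/name.

    Hypothetical helper. Returns the path, or raises UnsafeRunDir when the
    name is already taken by a symlink, a file, or a directory that is not
    exclusively the daemon user's.
    """
    if "/" in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)          # private until ownership is set
        created = True
    except FileExistsError:
        created = False
    try:
        # O_NOFOLLOW: never act on a symlink planted under this name.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeRunDir(f"{path}: not a real directory") from exc
    try:
        st = os.fstat(fd)              # checks and changes use the same fd
        if not created and (st.st_uid != uid or st.st_mode & 0o022):
            raise UnsafeRunDir(f"{path}: pre-existing, owner/mode not trusted")
        os.fchown(fd, uid, gid)
        os.fchmod(fd, mode)
    finally:
        os.close(fd)
    return path

if __name__ == "__main__":
    # Constructed demo: a temp dir stands in for a freshly mounted /var/run,
    # and the current user stands in for the daemon's account.
    with tempfile.TemporaryDirectory() as run:
        d = prepare_run_dir(run, "exampled", os.getuid(), os.getgid())
        with open(os.path.join(d, "exampled.pid"), "w") as f:
            f.write(f"{os.getpid()}\n")
        print(oct(os.stat(d).st_mode & 0o777), os.listdir(d))
```

With a transient /var/run this step has to run on every boot, before the daemon is started under its own account.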
