[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: **security warning** cp -au backups are insecure with GNU cp



On Fri, Apr 27, 2001 at 04:13:34AM -0300, Peter Cordes wrote:
> 
>  /backup/home/peter/hackfile is safely unlinked before it is opened for
> writing.  However, if the user has write permission in the destination
> directory, there is still a race condition.  If they recreate the symlink
> before the open() call, you still lose.

why don't you just use tar for your backups? that would eliminate all
the games you can play with cp, though it may still be possible to
play games with tar[0], but they would not be triggered unless you
extracted the tar archive.  

this is just a basic rule of system adminsitration, you need to be
very careful what tools you use on the user's files, another example
is not doing things like chmod -R or chown -R on users home
directories, as they can create hard links to other's files and get
them chowned/chmoded.  

nonetheless its good to know about this kind of behavior.

[0] none that i can think of at the moment.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpxY3PkUEYWO.pgp
Description: PGP signature


Reply to: