
Re: Sudo and Chown?



Paul Socolow <paul@appliedsemantics.com> writes:

> I would like to give a user the ability to chown files in certain
> directories to other users' ownership.
> 
> I have configured sudo to limit the users and files that can be specified
> for this operation, but there is still one loophole that bugs me:
> 
> If the user were to make a hard link to a file I don't want them to touch in
> one of the directories they can run chown in, they could then sudo and
> change the ownership of the file I was trying to protect. 

Assuming the file resides on an ext2 fs, consider chattr +i; even root
can't create a hardlink or modify the file without removing the
immutable attribute.

> Is there any way to keep chown from modifying files that are linked? Or can
> you prevent the creation of hard links in a directory?

s.a.

  Siggy

-- 
Siggy Brentrup - bsb@winnegan.de - http://www.winnegan.de/
****** ceterum censeo javascriptum esse restrictam *******
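
Added example, not part of the original thread: a shell check that a sudo-invoked chown wrapper could apply to refuse any file that has additional hard links, which is the case the question describes. The function names are hypothetical, and the sudoers entry is assumed to point at a script that ends by calling guarded_chown "$@" instead of at chown itself.

```shell
#!/bin/sh
# Hypothetical helpers, constructed for illustration.

# single_link_regular_file PATH
# Succeeds only if PATH is a regular file (not a symlink, directory or
# device) whose inode has exactly one name, i.e. no additional hard links.
single_link_regular_file() {
    case $1 in
        /*) p=$1 ;;
        *)  p=./$1 ;;   # keep find from parsing a leading "-" as an option
    esac
    # find does not follow symlinks by default; -prune stops it from
    # descending if PATH turns out to be a directory.
    [ -n "$(find "$p" -prune -type f -links 1 -print 2>/dev/null)" ]
}

# guarded_chown OWNER FILE...
# Refuses the whole request if any FILE fails the check.
guarded_chown() {
    owner=$1
    shift
    for f in "$@"; do
        if ! single_link_regular_file "$f"; then
            echo "refusing $f: not a regular file with link count 1" >&2
            return 1
        fi
    done
    # -h: change a symlink itself rather than its target, in case one
    # was swapped in after the check.
    chown -h -- "$owner" "$@"
}
```

The check and the chown are separate steps, so a user who can still create links in the directory between the two is not fully stopped by this alone. On Linux kernels that provide it, the fs.protected_hardlinks sysctl restricts creating the hard link in the first place.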


