Re: basically security of linux

To: debian-security@lists.debian.org
Subject: Re: basically security of linux
From: Francois Bottin <fbottin@free.fr>
Date: Fri, 16 Jan 2009 21:48:38 +0100
Message-id: <[🔎] 4970F2A6.8050908@free.fr>
In-reply-to: <[🔎] 200901161017.25745.bss@iguanasuicide.net>
References: <[🔎] 497053F7.1010603@tu-dresden.de> <[🔎] A323FF861131D215B7DC9574@ZOP-MACTEL.local> <[🔎] 200901161017.25745.bss@iguanasuicide.net>

Boyd Stephen Smith Jr. wrote:

What about hardlinking the suid-root binaries to a hidden location, waitingfor a security hole to be found/fixed, and then running the old binary toexploit the hole? Does dpkg handle suid/sgid files so that this isprevented?

Hi,

Having /home, /tmp, (/usr)?/s?bin and /opt on different partitions is asolution. A normal user should not have the right to create a fileoutside /home or /tmp, and there should be no SUID file outside(/usr)?/s?bin or /opt. No hard-linking is possible across devices.


	François.

Reply to:

References:
- basically security of linux
  - From: Andreas Matthus <Andreas.Matthus@tu-dresden.de>
- Re: basically security of linux
  - From: Michael Loftis <mloftis@wgops.com>
- Re: basically security of linux
  - From: "Boyd Stephen Smith Jr." <bss@iguanasuicide.net>

Prev by Date: Re: basically security of linux
Next by Date: Re: basically security of linux
Previous by thread: Re: basic security of linux
Next by thread: Re: basically security of linux
Index(es):
- Date
- Thread