[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: basically security of linux

Boyd Stephen Smith Jr. wrote:
What about hardlinking the suid-root binaries to a hidden location, waiting for a security hole to be found/fixed, and then running the old binary to exploit the hole? Does dpkg handle suid/sgid files so that this is prevented?


Having /home, /tmp, (/usr)?/s?bin and /opt on different partitions is a solution. A normal user should not have the right to create a file outside /home or /tmp, and there should be no SUID file outside (/usr)?/s?bin or /opt. No hard-linking is possible across devices.


Reply to: